Term and Conditions for Digital Services

May 2026

Recitals

Relationship between the parties
Basis
The services
Licence to customer
Licence to FCDO Services
Access to the services
Security
Fees and payment
Proprietary rights
Customer data
Customer obligations
Codes of connections
Data protection
Confidential information
Freedom of Information
Anti-bribery and corruption
Suspension of services
Termination
Consequences of termination
Change to services
Customer indemnities
Limitation of liability
Force majeure
Assignment
Waiver
Severance
No partnership or agency
Notices
Third party rights
Governing law and jurisdiction
Change control procedure
Dispute resolution
Schedule 1 – Definitions and interpretation
Schedule 2 – Part A – Controller to Processor

Annex

Data processing agreement (Part B – controller to controller)

Recitals

These “Terms, Conditions and Licence for Cloud Services” are to be used where FCDO Services provides Cloud Services (including SaaS, PaaS and IaaS) and / or Additional Services (together, the “Services”) to a Customer.
The Customer shall complete an Order Form for each and every Service, whether the services are Cloud Services or Additional Services or a combination of both, which shall be supplemented by additional documentation and specifications as appropriate.
The diagram below is an illustration of the agreement or contractual structure available under these Conditions.

Example illustration. If FCDO Services is the "Provider", the utilising entity is "The Customer" and the utilising entity's individual users are the "Authorised User". However, a third party (e.g. software supplier) is "The Customer", then the utilising entity is the "Service Beneficiary" and the utilising entity's individual users are the "Authorised User".

1 Relationship between the parties

1.1 This Agreement is a contract between the Customer and FCDO Services under which the Customer may either:

1.1.1 allow its Authorised Users (individual users) to access the Services; or
1.1.2 (subject to the written approval of FCDO Services) sell on the Cloud Services to a third-party Service Beneficiary that in turn may allow its Authorised Users (individual users) to access the Cloud Services.

1.2 The Customer acknowledges that this Agreement does not create a direct contractual relationship between FCDO Services and an Authorised User or, save as to any Data Processing Agreement, a Service Beneficiary, and therefore to the extent that any obligations in this Agreement apply to an Authorised User and/or a Service Beneficiary, the Customer shall enter into such contractual arrangements as are necessary with such Authorised User(s) and/or Service Beneficiary/ies to procure compliance with such obligations by the Authorised User(s) and/or Service Beneficiary/ies.

2 Basis

2.1 These Conditions set out the general terms that will govern trading between the Customer and FCDO Services where the Customer requests FCDO Services to provide and FCDO Services agrees to supply any or any combination of the Services.

2.2 The Order Form shall constitute an offer by the Customer to purchase the Services specified thereon from FCDO Services in accordance with these Conditions.

2.3 The Order Form shall be deemed to be accepted on the earlier of:

2.3.1 FCDO Services issuing written acceptance of the Order Form; or
2.3.2 any act by FCDO Services consistent with fulfilling the Order Form, which date shall be the Effective Date.

2.4 FCDO Services shall be entitled to assume that the Customer contact identified in the relevant Order Form or any other customer contact identified (whether formally or informally) by the Customer from time to time has the authority to represent and make any decisions on behalf of the Customer in respect of the Agreement (including decisions relating to the extension or renewal of the Agreement).

2.5 These Conditions apply to the Agreement to the exclusion of any other terms that the Customer seeks to impose or incorporate, whether in any purchase order or otherwise, or which are or have been implied by trade, custom, practice or course of dealing. Except as expressly permitted by the Agreement, no addition to or modification of the Agreement, including of these Conditions, shall be binding upon the Parties unless made by a written instrument signed by duly authorised representatives of FCDO Services and the Customer.

2.6 In relation to the Agreement, in the event of any conflict between the provisions of these Conditions and those of the Order Form, the Security Operating Procedures, the Service Prerequisites or the Service Definition(s), the following descending order of precedence shall apply:

2.6.1 any Change Request;
2.6.2 these Conditions which include any Special Conditions;
2.6.3 the Order Form;
2.6.4 the Security Operating Procedures;
2.6.5 the agreed Service Definition(s);
2.6.6 the Service Prerequisites; and
2.6.7 any other documents referenced in these Conditions, the Security Operating Procedures, the Service Prerequisites, the Service Definition(s) and the Order Form, which, to the extent of any conflict, shall be prioritised with those of later date having precedence over those of an earlier date.

2.7 Use of the Services or any of them shall be deemed conclusive evidence of the Customer’s acceptance of these Conditions.

2.8 During the Term and for a period of twelve (12) months thereafter, the Customer shall not directly or indirectly solicitor or attempt to solicit, or employ, attempt to employ, or offer employment to FCDO Services’ staff or FCDO Services’ contractors or agents who have been associated with the procurement and/or the contract management of the Services without FCDO Services’ prior written consent, save as to when a Relevant Transfer applies to such member of staff.

2.9 Each Party shall act in good faith towards the other Party at all times in connection with this Agreement. This includes a duty to act with honesty and sincerity in all aspects of the Agreement, including but not limited to entering into, carrying out its obligations in, or exercising any of its rights under, this Agreement.

2.10 The capitalised expressions shall have the meaning set out in Schedule 1 of these Conditions.

3 The services

3.1 FCDO Services will make the Services available to the Customer during the Term and subject to these Conditions.

3.2 There is no automatic right of the Customer to receive nor obligation of FCDO Services to provide Services under this Agreement beyond the Term.

3.3 The Services will be provided in accordance with the agreed relevant Service Definition(s) and agreed Order Form subject to the right of FCDO Services from time to time alter and/or modify all or part of the Services which alterations and/or modifications, may include, without limitation, the addition or withdrawal of features, products, services, software, documentation or changes in instructions.

3.4 Where FCDO Services reasonably believes there will be a loss and/or degradation in the Services (including any temporary loss and/or degradation), FCDO Services will endeavour, in so far as practicable and having regard to the degree of urgency, to give Advance Notice to the Customer.

3.5 Notwithstanding Clause 3.4, FCDO Services shall be entitled without liability to take any measures that affect the accessibility of the Services when deemed reasonably necessary for technical, maintenance, operational, or security reasons and FCDO Services reserves the right at any time and without prior notice to the Customer to temporarily discontinue the Services or any of them, change the Services’ hours of operation or to limit the Customer’s access to and use of the Services in order to perform repairs, make modifications to the design, operational method, technical specifications, systems, and other functions or as a result of circumstances beyond FCDO Services’ reasonable control.

3.6 Subject to any consent required under the Data Processing Agreement, FCDO Services may sub-contract the performance of certain portions of the Services to third parties at its sole discretion.

3.7 The obligations in Clause 3 and Clause 3.3 shall not apply to the extent of any non-conformance, which is caused by, due to, or as a result of use of the Services contrary to FCDO Services’ instructions, or modification or alteration of the Services by any party other than FCDO Services or FCDO Services’ duly authorised contractors or agents. If the Services do not reasonably conform to the relevant Service Definitions and such non-conformance is not caused by, due to, or as a result of use pf the Services contrary to FCDO Services’ instructions, or modification or alteration of the Services by any party other than FCDO Services or FCDO Services’ duly authorised contractors or agents, FCDO Services will, at its reasonable expense, use reasonable commercial endeavours to correct promptly any such non-conformance or provide the Customer with an alternative means of accomplishing the desired performance (at its sole discretion). FCDO Services reserves the right to terminate the Agreement under Clause 18 (Termination) if it cannot correct such non-conformance or provide an alternative means of accomplishing the desired performance in accordance with this Clause 3.7. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for failure of FCDO Services to provide the Services. Notwithstanding the foregoing, FCDO Services:

3.7.1 does not warrant that the Customer’s use of the Services will be uninterrupted or error-free; or that the Services, Technology, Documentation, SaaS–Software and/or the information obtained by the Customer through the Services will meet the Customer’s requirements or that the Services, Technology, Documentation or SaaS–Software are free of viruses or other harmful components; and to the fullest extent permitted by law, disclaims all other warranties, express or implied, arising by law or otherwise (including, without limitation, any implied warranty of merchantability, any fitness for a particular purpose, any non-infringement and any implied warranty arising from course of performance, course of dealing or usage of trade) with respect to any error, defect, deficiency, infringement or noncompliance in the Services, the SaaS–Software, the Technology, the Documentation or any other items provided by, through or on behalf of FCDO Services under the Agreement;
3.7.2 is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and by entering into the Agreement the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities;
3.7.3 is not responsible for any content downloaded or otherwise obtained through the use of the Services, Technology or any SaaS–Software and such content shall be downloaded or otherwise obtained at the Customer’s own risk and the Customer will be solely responsible for any damage to its computer systems or losses of data that results from same;
3.7.4 shall not be liable for the Customer’s connection to or the availability or non-availability of PSN; and
3.7.5 shall not be liable for any prevention of access to the Services or any impairment of the functionality of the Services brought about by any restrictions or limitations imposed on Authorised Users by the Customer or Service Beneficiary.

3.8 The Agreement shall not prevent FCDO Services from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services that are similar to those provided under the Agreement.

3.9 FCDO Services warrants that it has and will maintain all licences, consents, and permissions necessary for the performance of its obligations under the Agreement.

3.10 FCDO Services will host and maintain the Customer Interface, and provide the Customer’s Service Beneficiary and Authorised Users access to the Customer Interface using password protected user accounts.

3.11 FCDO Services may in its sole discretion modify, enhance or otherwise change SaaS–Software and/or the Customer Interface upon prior written notice to the Customer.

3.12 Where responsible for issuing User Identifications, FCDO Services reserves the right to periodically change issued usernames or passwords. FCDO Services will provide prompt notice to the Customer of any such username or password changes.

4 Licence to customer

4.1 Subject to the restrictions set out in this Clause 4 and the other provisions of these Conditions, FCDO Services hereby grants to the Customer, in the territory as specified in the Order Form (or if no territory is specified, within the UK only), a limited, irrevocable, non-exclusive, non-transferable right to permit the Customer, Authorised Users, and any Service Beneficiaries to access the Services through the Customer Interface during the Term solely for the Customer and its Authorised Users’ internal use in the regular course of the Customer’s or Service Beneficiary’s business operations.

4.2 In relation to the Authorised Users, the Customer undertakes that:

4.2.1 FCDO Services grants to the Customer a non-exclusive licence for the Term in the territory as specified in the Order Form (or if no territory is specified, within the UK only) to use the Software up to the maximum number of licences purchased, for its own internal use to enable communication with other licensed users of the Software. Use excludes offering for sale, sub-licensing, modification, demonstration to or use by any third party, any other public or private exhibition or use for more than the number of licences purchased;
4.2.2 the Customer may not use the Software to create any software whose expression or function is substantially similar to that of the Software nor use the Software for machine learning or to train any AI, algorithm or other system to function in a similar way to the Software; and
4.2.3 the Customer shall not sub-license, assign or novate the benefit or burden of this agreement in whole or in part; allow the Software to become the subject of any charge, lien or encumbrance; or deal in any other manner with any or all its rights and obligations under this agreement.

The Customer shall:

4.3.1 ensure that the maximum number of Authorised Users, EUDs or Instances of Customer Software that it authorises to access the Services, Technology and Documentation shall not exceed the number of appropriate CALs or Customer Software licences it has purchased;
4.3.2 procure that any CAL and Customer Software licence is used by no more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services;
4.3.3 ensure each Authorised User shall keep a secure password for his use of the Services, and that each Authorised User shall keep his password confidential;
4.3.4 maintain a written, up to date list of current Authorised Users, including those of any Service Beneficiary, and provide such list to FCDO Services within five (5) Business Days of FCDO Services’ written request at any time or times;
4.3.5 where User Identifications are not assigned to Authorised Users by FCDO Services, permit and shall procure that any Service Beneficiary permits FCDO Services to audit the Customer and its Authorised Users or any Service Beneficiary to establish the User Identification of each Authorised User. Such audit may be conducted no more than once per quarter, at FCDO Services’ reasonable expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s or its Service Beneficiary’s normal conduct of business;
4.3.6 If any of the audits referred to in Clause 4.3.4 reveal that any User Identification has been provided to any individual who is not an Authorised User, then without prejudice to FCDO Services’ other rights, the Customer shall promptly disable or procure that the Service Beneficiary disables such User Identification and FCDO Services shall not issue any new User Identification to any such individual; and
4.3.7 if any of the audits referred to in Clause 4.3.4 reveal that the Customer has underpaid Fees to FCDO Services, then without prejudice to FCDO Services’ other rights, the Customer shall pay to FCDO Services an amount equal to such underpayment as calculated in accordance with the prices set out in the Price List together with the cost to FCDO Services of conducting the audit within ten (10) Business Days of the date of the communication of the underpaid Fees.

4.4 The Customer shall not, and the Customer shall procure that each Authorised User shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:

4.4.1 is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
4.4.2 facilitates illegal activity;
4.4.3 depicts sexual images of any kind;
4.4.4 promotes unlawful violence;
4.4.5 is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability;
4.4.6 is in a manner that is otherwise illegal or causes damage or injury to any person or property; or
4.4.7 breaches in any manner any of the security arrangements set out by FCDO Services; and FCDO Services reserves the right, without any liability or prejudice to its other rights, to disable the Customer’s access to any material or related data that breaches the provisions of this Clause 4.4.

4.5 The Customer shall not, and the Customer shall procure that any Service Beneficiary and the Authorised Users shall not:

4.5.1 except as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties:
4.5.2 and except to the extent expressly permitted under these Conditions, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services in any form or media or by any means; or
4.5.3 attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services; or
4.5.4 access all or any part of the Services in order to build a product or service which competes with the Services or any of them; or
4.5.5 save as expressly permitted by the Agreement in relation to any Service Beneficiary, use the Services, to provide services to third parties; or
4.5.6 save as expressly permitted pursuant to any other provision of these Conditions, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except any Service Beneficiary and the Authorised Users; or
4.5.7 attempt to obtain, or assist third parties in obtaining access to the Services other than as provided under this Clause 4; or
4.5.8 use or launch any automated system other than the Customer Interface, including without limitation, “robots,” “spiders,” “offline readers,” etc., that accesses the Services in a manner that sends more request messages to FCDO Services’ servers than a human can reasonably produce in the normal course of their work in the same period of time by using a conventional on-line web browser.
4.5.9 The Customer shall not and shall procure that any Service Beneficiary or Authorised User shall not, in any way, make changes to the system configuration, environment, or tenant that, in the reasonable opinion of FCDO Services, may adversely affect FCDO Services’ ability to fulfil its contractual obligations. Examples include, but are not limited to:
4.5.10 system host names;
4.5.11 IP addresses;
4.5.12 system logging details / functionality; or
4.5.13 the starting or stopping of any or all of system or maintenance or monitoring services.

4.6 Should any system changes be required, they must be requested via the FCDO Services’ service desk. FCDO Services reserves the right to invoice the Customer for the cost of rectifying any unauthorised changes the Customer, any Service Beneficiary or any Authorised User has made.

4.7 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or Unauthorised Use, promptly notify FCDO Services.

4.8 The rights provided under this Clause 4 are granted to the Customer or through the Customer to the Service Beneficiary only and shall not be considered granted to any subsidiary or holding company of the Customer or Service Beneficiary unless expressly named in the Agreement.

4.9 Nothing in these Conditions or elsewhere in the Agreement will be interpreted or construed to prohibit or in any way restrict FCDO Services’ right to:

4.9.1 license, sell or otherwise make available the Services, Technology or Documentation to any third party;
4.9.2 perform any services for any third party; or
4.9.3 license, purchase or otherwise acquire any software, technology, products, materials or services from any third party.

4.10 The Customer shall not make the Services available to any Service Beneficiary without the prior express written consent of FCDO Services, which consent shall be a precondition of the relevant Agreement and the licence granted herein, or in such a manner as is in breach of these Conditions or any other provisions of the Agreement. Where the Customer procures the Services solely for the purpose of providing them to one or more Service Beneficiaries, the licence granted to the Customer herein shall continue only for so long as such provision to the last such Service Beneficiary subsists (which, for the avoidance of doubt, shall not exceed the Term) and upon the termination of provision to the last such Service Beneficiary the licence and the Agreement shall terminate automatically.

5 Licence to FCDO Services

5.1 Subject to these Conditions, the Customer grants to FCDO Services a worldwide, non-exclusive, royalty-free license during the Term, or until such time agreed, to use, reproduce, electronically distribute, transmit, have transmitted, perform, display, store, archive, and make derivative works of the Customer Data to provide the Services.

5.2 FCDO Services shall have no right to sub-license or resell the Customer Data or any component of the Customer Data.

6 Access to the services

6.1 Where the Services consist only of IaaS or PaaS, the Customer may use and grant access to the Services to Authorised Users or any Service Beneficiary only as a combined solution together with (and integrated into) the Customer Services.

6.2 Save in respect of any RAS Equipment or any EUDs supplied to the Customer by FCDO Services, the Customer is solely responsible for providing, installing and maintaining at its own expense all equipment, facilities and services necessary to enable Authorised Users to access and use the Services and any Documentation through the Customer Interface, including, without limitation, all computer hardware and software, routers, printers, telephone service and internet access.

6.3 The Customer shall comply with all FCDO Services technical interfaces, standards and on-boarding process as notified by FCDO Services to the Customer in writing and as may be varied from time to time in FCDO Services’ sole discretion.

6.4 Where the Customer is not able to comply with Clause 6.3, the Customer may elect to accept a diminished service provided that where, in FCDO Services’ opinion, this option is not viable then FCDO Services shall have the right to terminate the Services with immediate effect.

6.5 Access to the Services is subject to the Service Prerequisites and Security Requirements. Any changes or modifications to the Customer Software and/or Customer Services that, in the reasonable opinion of FCDO Services, are required in order to make them compliant will be the responsibility of the Customer. If the Customer, the Customer Services or the Customer Software do not meet the Service Prerequisites and/or the Security Requirements, and the Customer does not change or modify them accordingly, FCDO Services shall be under no obligation to provide the Services and shall be entitled to terminate this Agreement forthwith without liability to the Customer or its Authorised Users.

6.6 Access to the Services and PSN is subject to the Codes of Connection and conditional on the Customer accepting the Codes of Connection. If the Customer does not accept the Codes of Connection, FCDO Services shall be under no obligation to provide the Services and FCDO Services shall be entitled to terminate this Agreement forthwith without liability to the Customer or its Authorised Users.

6.7 Access to the PSN does not form part of the Services but is subject to the Customer or Service Beneficiary obtaining such access directly from the PSN provider. Failure by the Customer or Service Beneficiary to obtain, or any subsequent loss by the Customer or Service Beneficiary of, such access shall be the sole responsibility of the Customer or the relevant Service Beneficiary and FCDO Services (without liability or prejudice to its rights or remedies), shall be entitled to terminate forthwith any Service for which such access is required.

6.8 This Agreement only considers access through PSN however subject to sponsorship or the specific request of the Customer, FCDO Services could connect to other services (for example PNN or N3). Should alternate access be agreed between the Parties, all references to PSN within this Agreement shall be deemed to apply to such alternate access.

6.9 The Customer acknowledges and shall advise Service Beneficiaries that the Services, due to their inherent security features or procedures, may prevent the Customer’s third-party software licence information being automatically sent to the suppliers of such licences and may also result in the loss of some software functionality.

7 Security

7.1 Where requested by FCDO Services, the Customer will submit in writing information about its security measures to the extent requested by FCDO Services prior to the delivery of services by FCDO Services.

7.2 The Customer shall, and shall procure that its sub-contractors, employees, agents and relevant third parties and all Authorised Users and each Service Beneficiary, comply with the Security Requirements and abide by the provisions of the Official Secrets Acts 1911 to 1989.

7.3 Each Party shall advise the other as soon as it becomes aware of any breach, or potential breach, of the Security Requirements or any other breach, or potential breach, of security which may adversely affect the Services. Failure by the Customer to notify FCDO Services of any such breach or potential breach of the Security Requirements will entitle FCDO Services to immediately terminate the Agreement in full or in part.

7.4 In respect of all personnel and third parties employed or engaged by the Customer in the use of the Services, the Customer shall comply with the provisions of the Security Requirements for vetting personnel as applicable to the relevant activity/role.

7.5 The Customer shall be responsible for ensuring that all Authorised Users have the appropriate security clearance (as determined by FCDO Services) before being permitted access to the Services and shall make the Authorised Users aware of these Conditions and any instructions identified by FCDO Services (including in any Security Aspects Letter). FCDO Services shall not be liable for any performance of its obligations which is caused by or attributable to a delay by the Customer in securing the completion of required vetting and/or security clearance of its employees, staff, representatives, and/or any third parties.

7.6 In the event of a Customer Delay, FCDO Services shall be entitled to a reasonable extension of time to perform its obligations, and the Customer shall not be entitled to any remedy for such late performance and FCDO Services shall not be held liable for such Customer Delay.

7.7 After the Customer Delay, FCDO Services shall be entitled to:

7.7.1 reconsider whether or not it can deliver the Services and the attainment of any milestones agreed prior to the Customer Delay (and reserves the right to require an extension of time not less than the duration of the Customer Delay (for which the Customer shall not unreasonably withhold its consent) and/or suspend or terminate either part of the Deliverables or the entirety of the Agreement under Clause 18 (Termination) if it cannot provide the Services and/or attain the milestones as a result of the Customer Delay); and/or
7.7.2 not return any monies paid for the Services already provided; and/or
7.7.3 recover from the Customer any additional costs incurred by FCDO Services during the Customer Delay; and
7.7.4 charge the Customer increased rates if the delivery of the Services falls into the next Financial Year.

8 Fees and payment

8.1 The Customer will pay to FCDO Services the Fees as published in the Price List and as more particularly set out in the relevant Order Form by the Due Date.

8.2 FCDO Services shall be entitled to invoice the Customer as follows:

8.8.1 for single payment Fees on or after the date stipulated in the Order Form;
8.8.2 for recurring Fees, in advance on or after the Service Commencement Date and thereafter at such periodic intervals as specified in the Order Form for the relevant Services;
8.8.3 otherwise at such stages or intervals as shall have been agreed in writing with the Customer in respect of a particular Service; and/or
8.8.4 if no payment date and/or interval is specified in the Order Form or otherwise agreed in writing by the Parties on or after the Service Commencement Date, payment will become due thereafter on a monthly basis as applicable.

8.3 If FCDO Services discovers any Assumptions are incorrect, then FCDO Services may make an equitable adjustment to the Fees to take account of any such inaccuracy and issue a new invoice to the Customer for the revised Fees.

8.4 The Customer shall pay the Fees without deduction or set off (whether formally demanded or not) in UK sterling (or such other currency specified in the relevant Order Form).

8.5 FCDO Services reserves the right to increase the Fees by written notice to the Customer prior to the start of the Financial Year and the new price increases will come into effect and apply from the beginning of each Financial Year. The rate increase will be in line as a minimum with the percentage increase (if any) of the Consumer Price Index in the preceding Financial Year.

8.6 In the event the delivery of the Services continues past the Term, the Customer will pay the Fees for each subsequent Financial Year for the proportion of Services delivered that Financial Year.

8.7 If any sum payable under the Agreement is not paid by the Due Date for reasons not solely attributable to FCDO Services then:

8.7.1 FCDO Services shall be entitled to charge the Customer interest on the overdue amount, from the Due Date up to the date of actual payment, after as well as before any judgement, at the rate of 8 per cent per annum above the base rate for the time being of the Bank of England. Such interest shall accrue on a daily basis and be compounded quarterly;
8.7.2 FCDO Services may withhold or suspend access to the Services under the Agreement until receipt by FCDO Services of all outstanding amounts in full; and/or
8.7.3 FCDO Services may terminate the Agreement in accordance with Clause 18.1.2 (Termination).

8.8 For the purpose of confirming the accuracy of any payment under this Clause 8 and to ensure recovery of any shortfall in payment, FCDO Services will have the right (at its own expense) to audit the usage of the Services at the Customer’s or Service Beneficiaries’ or any third-party’s premises and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s normal conduct of business. If an audit reveals an underpayment by the Customer of amounts due compared with amounts paid, the Customer shall immediately make good the shortfall. If the audit reveals a discrepancy of five (5%) percent or more during the audited period, then the Customer shall, in addition to correcting the discrepancy and paying any late interest, also reimburse FCDO Services for all costs of the audit.

8.9 All Fees are exclusive of insurance, value added tax, import duties, withholding tax, stamp duties, sales, use, consumption, transfer or other taxes or similar charges (if any); all such costs shall be paid by the Customer at the rates and in the manner for the time being prescribed by applicable law.

9 Proprietary rights

9.1 FCDO Services and/or its licensors own all Intellectual Property Rights in the Services, Technology and the Documentation. Except as expressly stated in these Conditions, the Agreement does not grant the Customer, any Service Beneficiary, Authorised User or any third party any rights to, or in, any such Intellectual Property Rights or any other rights or licences in respect of the Services, Technology or the Documentation.

9.2 FCDO Services confirms that it has all the rights in relation to the Services, Technology and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, these Conditions.

9.3 The Customer may choose to, or FCDO Services may invite the Customer, Service Beneficiaries and/or Authorised Users to submit comments or ideas about the Services, including without limitation about how to improve the Services, or other FCDO Services products or services (“Ideas”). By submitting any Ideas, the Customer, Service Beneficiaries and Authorised Users agree that:

9.4 such disclosure is gratuitous, unsolicited and without restriction and will not place FCDO Services under any fiduciary or other obligation;

9.5 FCDO Services is free to disclose the Ideas on a non-confidential basis to anyone or otherwise use the Ideas without any additional compensation to the Customer, Service Beneficiary or Authorised User as the case may be; and

9.6 by acceptance of the Customer’s or Service Beneficiaries’ or Authorised Users’ submission, FCDO Services does not waive any rights to use similar or related ideas previously known to FCDO Services, or developed by its employees, contractors or agents, or obtained from sources other than the Customer or Service Beneficiaries or the Authorised Users

10 Customer data

10.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.

10.2 FCDO Services shall follow its archiving procedures for Customer Data as set out in its Service Definitions. In the event of any loss or damage to Customer Data, save as otherwise provided in any Data Processing Agreement entered into pursuant to Clause 13 (Data Protection), the Customer’s sole and exclusive remedy shall be for FCDO Services to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by FCDO Services in accordance with the archiving procedure described in the relevant Service Definition. FCDO Services shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by FCDO Services to perform services related to Customer Data maintenance and back-up).

10.3 The Customer shall be solely responsible for the Customer Data that Authorised Users upload, publish, display, link to or otherwise make available (hereinafter, “Post”) on the Services, and, subject to any obligations of FCDO Services in relation to Personal Data, the Customer agrees that FCDO Services is only acting as a passive conduit for the online distribution and publication of the Customer Data. FCDO Services will not review, share, distribute, or reference any such Customer Data except in pursuance of its obligations as provided in the Agreement, including the Data Processing Agreement, or as may be required by law.

10.4 The Customer shall ensure that all Service Beneficiaries and Authorised Users do not Post any Customer Data that:

10.4.1 may create a risk of harm, loss, physical or mental injury, emotional distress, death, disability, disfigurement, or physical or mental illness to any person or animal;
10.4.3 may create a risk of any other loss or damage to any person or property;
10.4.4 may constitute or contribute to a crime or tort;
10.4.5 contains any information or content that is unlawful, harmful, abusive, racially or ethnically offensive, defamatory, infringing, invasive of personal privacy or publicity rights, harassing, humiliating to other people (publicly or otherwise), libellous, threatening, or otherwise objectionable;
10.4.6 contains any information or content that is illegal;
10.4.7 contains any information or content that the Customer does not have a right to make available under any law or under contractual or fiduciary relationships; or
10.4.8 contains any information or content that Customer knows is not correct or current.
10.4.9 The Customer undertakes that the Customer Data will not violate third-party rights of any kind, including without limitation any Intellectual Property Rights, rights of publicity and privacy.
10.4.10 Save as may be otherwise imposed in relation to Personal Data by law or by the Data Processing Agreement, or where loss or damage is the result of gross negligence or intentional misconduct by FCDO Services or its employees, FCDO Services takes no responsibility and assumes no liability for:
10.4.11 any Customer Data that Authorised Users or other third parties Post or transmit via the Services, nor for any public display or misuse of Customer Data; or
10.4.12 any loss or damage of any kind that occurs as a result of the use of any Customer Data that the Customer sends, uploads, downloads, streams, Posts, transmits, displays or otherwise makes available or accesses through Customer’s or Authorised Users’ use of the Services,
which shall be solely the Customer’s responsibility.

11 Customer obligations

11.1 The Customer shall comply with (and shall procure that all Authorised Users comply with) the Code of Connection at all times.

11.2 The Customer shall comply with (and shall procure that all Authorised Users comply with) the Security Operating Procedures as made available to the Customer and amended from time to time by or on behalf of FCDO Services.

11.3 The Customer shall:

11.3.1 provide FCDO Services with:
11.3.2 all necessary co-operation in relation to the Agreement; and

11.3.3 all necessary access to such information as may be required by FCDO Services,
in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;

11.4 comply with all applicable laws and regulations with respect to its activities under the Agreement;

11.4.1 carry out all other Customer responsibilities set out in the Agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the Parties, FCDO Services may adjust any agreed timetable or delivery schedule as reasonably necessary;
11.4.2 ensure that the Authorised Users use the Services and the Documentation in accordance with these Conditions and any other provision of the Agreement and shall be responsible for any Authorised User’s breach of these Conditions or any other provision of the Agreement;
11.4.3 accept accountability and responsibility for the licensing of all Instances of Customer Software it has stored on FCDO Services’ hosted environment that were or are not supplied by FCDO Services under a SaaS agreement, and on request from FCDO Services, shall provide evidence of appropriate licencing;
11.4.4 obtain and shall maintain all necessary licences, CALs, consents, and permissions necessary for FCDO Services, its contractors and agents to perform their obligations under the Agreement, including the Services;
11.4.5 ensure that its network and systems comply with the relevant specifications provided by FCDO Services from time to time;
11.4.6 be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to FCDO Services’ data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet; and
11.4.7 notify FCDO Services immediately where it undergoes any change of control within the same meaning given in Clause 18.1.6.13 (Termination).

11.5 Where the Customer is selling on the Services to a third-party Service Beneficiary, the Customer:

11.5.1 irrevocably undertakes to contract with its Service Beneficiary with the incorporation of all the rights and obligations that apply to it as Customer under these Conditions into its contract with the Service Beneficiary by incorporating all the terms of these Conditions that will allow the Customer to fulfil its obligations to FCDO Services, mutatis mutandis; and
11.5.2 is aware that if it sells the Services to multiple Service Beneficiaries that a breach or any action by any Authorised User resulting in the suspension or termination of the Services may, dependant on the Customer’s method of delivery of the Customer Services, adversely affect all Service Beneficiaries and, for the sake of clarity, not solely the services provided to the Service Beneficiary whose Authorised User caused the suspension or termination of the Services.

11.6 The Customer shall not, and shall procure that its Authorised Users and Service Beneficiaries shall not, modify or alter the Intellectual Property Rights or any products of FCDO Services in any way without the prior written approval of FCDO Services. If the Customer supplements the Services, Technology or any product of FCDO Services with its own Customer Software and / or Customer Services for the benefit of the Authorised Users either directly or through the Service Beneficiary (the “Customer Integrations”), it shall do so entirely at its own risk and FCDO Services shall not, in any event, be liable for any loss, damage or malfunction arising out of or in connection with the Customer Integrations.

12 Codes of connections

12.1 The Customer will pay on the time set out in the Engagement Documentation, relevant terms and conditions, Arrangement or Agreement.

12.2 Upon acceptance of the Agreement the Customer will provide a written guarantee (giving assurance) there have been;

12.2.1 No threats to the system(s) addressed in the Engagement Document; if there have been any threats or breaches, the Customer will provide dates and details as well as rectification steps taken.
12.2.2 The Customer will notify FCDO Services of any proposed changes that may impact the security of the system(s). In this event, the Customer will provide an Impact Assessment prior to instalment to FCDO Services. FCDO Services reserves the right cease the provision of service, if in the opinion of FCDO Services, it is not in the best interest of the overall service(s).

12.3 Both Parties will provide representation to enable swift decision making in the event of an unforeseen circumstance arising that may have a detrimental effect on either Party.

12.4 Where the Customer will act as Data Controller, (and) they will set-out a series of instructions for FCDO Services when fulfilling the role as Data Processor. This will be via a Data Processing Agreement, which the customer will produce, manage and periodically review to ensure applicability. Where the requirements of Data Processing change, the Customer will enact the necessary review in collaboration with FCDO Services.
The Customer will not introduce any “Assets” (hardware, software, firmware etc) which;

12.4.1 are considered as End of Support and/or End of Life as defined and/or published by the vendor of that asset; and/or
12.4.2 hold published Common Vulnerabilities and Exposures (CVE), as defined by the vendor or by Third Parties; and/or
12.4.3 are known to be vulnerable or exploited, based on previous use of the equipment by the Customer or Third Parties; and/or
12.4.4 are not recommended for use, based on NCSC best practices or vendor publicised guidance; and/or
12.4.5 are unsuitable for use at the recognised Security Classification of this Service.

12.5 Should any Assets be identified in alignment with Clause 12.4, the Customer accepts full liability and will supply, without undue delay, replacement assets and/or the necessary funds to replace and/or replenish all affected assets. The Customer shall be liable for all costs and expenses incurred to protect, maintain, or restore the integrity and security of the System, including any fees charged by FCDO Services or any third party engaged on the Customer’s behalf. Such liability shall arise where the Customer’s assets are demonstrated to have caused harm to, or otherwise jeopardised, the integrity or security of the System. The Customer’s liability shall include all expenses required to return the System to the condition it would have been in had the relevant asset not been defective or faulty.

12 Data protection

13.1 When in the provision of Services pursuant to the Agreement, FCDO Services is required to process Personal Data on the Customer’s behalf, the Customer shall be the Data Controller and FCDO Services the Data Processor in respect of all such Personal Data unless the Customer is itself, in relation to any such Personal Data, the Data Processor on behalf of a third party Data Controller, in which case FCDO Services shall be a Sub-processor in respect of that Personal Data.

13.2 It shall be a prerequisite to any such processing that the Parties to the Agreement enter into a Data Processing Agreement between them in the form set out in Schedule 2. The Customer shall not transfer any Personal Data to be processed by FCDO Services as a Processor unless and until the Parties have entered into a separate data processing agreement in the form set out in Schedule 2. In any circumstances in which either: (a) FCDO Services is the Controller and the Customer is the Processor or Sub-Processor; or (b) both Parties are independent Controllers, the Parties shall enter into a Data Processing Agreement on terms which are substantially similar to those set out in Schedule 2 with the appropriate roles applied.

13.3 In the event that the Parties are in a Controller to Processer relationship in respect of Personal Data under this Agreement, the Parties shall implement the Data Processing Agreement based on the terms set out in Part A (Controller to Processor) of Schedule 2. In the event that the Parties are independent Controllers in respect of Personal Data under this Agreement, the Parties shall implement the Data Processing Agreement based on the terms set out in Part B (Controller to Controller) of Schedule 2.

13.4 FCDO Services shall not be liable for any delay in performance of its obligations under the Agreement where such delay is caused by or attributable to the Customer’s failure to enter into a Data Processing Agreement with FCDO Services which is in substantially the same form as the template set out in the Schedule 2. Where requested by FCDO Services, the Customer will confirm in writing to FCDO Services its security measures in relation to the processing of Personal Data, and for the avoidance of doubt this shall also be a prerequisite to any such processing and shall be agreed by both Parties. The failure of the Customer to execute a Data Processing Agreement pursuant to Clause 13.2 where required by FCDO Services shall be, unless it is agreed by both Parties that the Services can and shall continue to be provided without the processing of Personal Data, a material breach of the Agreement.

13.5 For the purposes of this Clause 3 the terms “Data Controller”, “Data Processor”, “Personal Data”, “process”, “processing” and “Sub-processor” shall have the meanings set out in Schedule 2.

13 Confidential information

14.1 Each Party may be given access to Confidential Information from the other Party in order to perform its obligations under the Agreement. A Party’s Confidential Information shall not be deemed to include information that:

14.1.1 was in the public domain, other than through any act or omission of the receiving Party, at the time of receiving it or has subsequently entered into the public domain other than by reason of breach of this Clause 14.4 or of any obligation of confidence owed by the recipient or by any of its sub-contractors or sub-licensees to the disclosing party;
14.1.2 was in the other Party’s lawful possession before the disclosure;
14.1.3 is lawfully disclosed to the receiving Party by a third party without restriction on disclosure;
14.1.4 is independently developed by the receiving Party, which independent development be shown by written evidence;
14.1.5 is required to be disclosed by any applicable law, by any court of competent jurisdiction or by any regulatory or administrative body;
14.1.6 was subsequently disclosed to it lawfully by a third party who did not obtain it (whether directly or indirectly) from the disclosing party under a duty or obligation of confidence; or
14.1.7 is independently developed by the receiving Party, where such independent development can be shown by written evidence.

14.2 Each Party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation and performance of the Agreement.

14.3 A Party in receipt of the other’s Confidential Information (“Recipient”) must ensure that its employees and relevant third parties including but not limited to its professional advisers are aware of the confidential nature of the Confidential Information and comply with the provisions of this Clause 14.2, as if named as a Party to the Agreement. No Party shall use for its own or for another’s commercial advantage any Confidential Information relating to the other Party. Each Party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents or any other third parties in violation of the terms of the Agreement.

14.4 Neither Party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party except to the extent that the third party destroys, loses, alters, and/or discloses such Confidential Information at the instruction of the Recipient.

14.5 If the Recipient loses any material or item containing Confidential Information of the other Party, the Recipient must promptly, and without delay, notify the other Party of the loss and all the circumstances surrounding it. For the avoidance of doubt, this reporting obligation includes any information marked under a classification in the UK Government Security Classifications Policy, which must be reported in accordance with the obligations under the UK Government Security Classifications Policy.

14.6 The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute FCDO Services’ Confidential Information.

14.7 This Clause 14 shall survive termination or expiry of the Agreement, however arising.

14.8 Each Party acknowledges and agrees that damages or an account of profits may not be an adequate remedy for a disclosure of Confidential Information in breach of the terms of the Agreement and the injured Party shall also have the right to apply for any equitable or injunctive relief in relation to any such breach.

14.9 With the exception of information in respect of the Fees, FCDO Services may at any time disclose its appointment by the Customer, and the general nature of the Services provided to the Customer, to third parties as a reference to the reasonable conduct of its business. For the avoidance of doubt, this right does not extend to the Customer and the Customer shall not make public its appointment of FCDO Services or any other information related to FCDO Services’ delivery of the Services unless:

14.9.1 it first obtains prior written consent from FCDO Services; or
14.9.2 such disclosure is required by applicable law.

14.10 Nothing in the Agreement shall prevent FCDO Services from using outside of the Agreement any general knowledge, experience or skill which was in FCDO Services’ possession prior to the Agreement, or which is independently developed or acquired otherwise than in the supply of the Services.

14.11 The Customer acknowledges that it may from time to time receive information from FCDO Services which is classified under the UK Government Security Classifications Policy and agrees that it shall comply with:

14.11.1 the UK Government Security Classifications Policy; and
14.11.2 all instructions notified to it by FCDO Services with respect to the handling of such information;
at all times. The Customer shall promptly notify FCDO Services of any breaches of the UK Government Security Classifications Policy and/or the instructions notified to it by FCDO Services regarding the handling of such information and shall take all such steps as required by FCDO Services to rectify such breach(es).

15 Freedom of information

15.1 By entering into an Agreement, the Customer acknowledges that FCDO Services is subject to the requirements of the FOIA and the Environmental Information Regulations and therefore agrees that it shall assist and co-operate fully with FCDO Services to enable FCDO Services to comply with its Information Disclosure Obligations.

15.2 In accordance with Clause 15.1, the Customer shall and shall procure that its sub-contractors or agents shall:

15.2.1 transfer to FCDO Services all Requests for Information that it receives in relation to the subject matter of the Agreement as soon as practicable and in any event within two (2) Business Days of receiving a Request for Information;
15.2.2 provide FCDO Services with a copy of all Information in its possession or power in the manner and form that FCDO Services requests as soon as practicable and in any event within five (5) Business Days (or such other period as FCDO Services may specify) of FCDO Services’ request; and
15.2.3 provide all necessary assistance as reasonably requested by FCDO Services to enable FCDO Services to respond to the Request for Information within the time for compliance set out in Section 10 of the FOIA or Regulation 5 of the Environmental Information Regulations.

15.3 FCDO Services shall be responsible for determining in its sole and absolute discretion and notwithstanding any other provision in the Agreement or any other agreement, whether the Information is exempt from disclosure in accordance with the provisions of the FOIA or the Environmental Information Regulations and shall act in accordance with Clause 15.5 regarding any disclosure.

15.4 The Customer agrees that it or its staff, sub-contractors or agents, and shall require that its Service Beneficiaries and Authorised Users shall not respond directly to a Request for Information unless expressly authorised to do so by FCDO Services.

15.5 The Customer acknowledges that (notwithstanding the provisions of this Clause 15) FCDO Services may, acting in accordance with the Secretary of State’s Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (the “Code”), be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Customer or the Services:

15.5.1 in certain circumstances without consulting the Customer including for the avoidance of doubt Confidential Information; or
15.5.2 following consultation with the Customer and having taken their views into account,
provided always that where Clause 15.5.1 applies FCDO Services shall, in accordance with any recommendations of the Code, take reasonable steps, where appropriate, to give the Customer advanced notice, or failing that, to draw the disclosure to the Customer’s attention after any such disclosure.

15.6 If the Customer is subject to the requirements of FOIA and/or the Environmental Information Regulations:

15.6.1 FCDO Services shall assist and co-operate fully with the Customer to enable the Customer to comply with its Information disclosure obligations; and
15.6.2 the rights and obligations of the Customer set out in Clauses 15.2 to 15.5 (inclusive) shall apply to FCDO Services (and the rights and obligations of FCDO Services set out in these clauses shall apply to the Customer) mutatis mutandis.

15.7 The Customer acknowledges and agrees that nothing in this Clause 15 shall impose any obligation on FCDO Services to disclose to any third party any Customer Data stored in relation to the Services.

16 Anti-bribery and corruption

16.1 The Customer:

16.1.1 shall not, and shall procure that it and any Service Beneficiary and its Authorised Users shall not, in connection with the Agreement, commit a Prohibited Act; and
16.1.2 warrants, represents and undertakes that it is not aware of any financial or other advantage being given to any person working for or engaged by FCDO Services, or that an agreement has been reached to that effect, in connection with the execution of the Agreement, excluding any arrangement of which full details have been disclosed in writing to FCDO Services before execution of the Agreement.

16.2 The Customer shall:

16.2.1 if requested, provide FCDO Services with any reasonable assistance, at FCDO Services’ reasonable cost, to enable FCDO Services to perform any activity required by any relevant government or agency in any relevant jurisdiction for the purpose of compliance with the Bribery Act; and
16.2.2 within ten (10) calendar days of the Effective Date, and at any time when requested by FCDO Services thereafter, certify to FCDO Services in writing (such certification to be signed by an officer of the Customer) compliance with this Clause 16 by the Customer and all persons associated with it or other persons who are supplying goods or services in connection with the Agreement. The Customer shall provide such supporting evidence of compliance as FCDO Services may reasonably request.

16.3 The Customer shall have in place an anti-bribery policy (which shall be disclosed to FCDO Services) to prevent any it and any Service Beneficiary and any Authorised User from committing a Prohibited Act and shall enforce it where appropriate.

16.4 If the Customer notifies FCDO Services that it suspects or knows that there may be a breach of Clause 16.1, the Customer must respond within five (5) Business Days to FCDO Services’ enquiries, co-operate with any investigation, and allow FCDO Services to audit books, records and any other relevant documentation.

16.5 FCDO Services may terminate the Agreement by written notice with immediate effect if the Customer or any of its Service Beneficiaries or Authorised Users (in all cases whether or not acting with the Customer’s knowledge) breaches Clause 16.1.

16.6 Any notice of termination under Clause 16.5 must specify:

16.6.1 the nature of the Prohibited Act;
16.6.2 the identity of the party who FCDO Services believes has committed the Prohibited Act; and
16.6.3 the date on which the Agreement will terminate.

16.7 Notwithstanding Clause 32 (Dispute Resolution), any dispute relating to:

16.7.1 the interpretation of Clause 15 (Freedom of Information); or
16.7.2 the amount or value of any gift, consideration or commission, shall be determined by FCDO Services and its decision shall be final and conclusive.

16.8 Any termination under Clause 16.6 will be without prejudice to any right or remedy which has already accrued or subsequently accrues to FCDO Services.

16.9 In performing its obligations under the Agreement, the Customer shall comply with all applicable anti-slavery and human trafficking laws, statutes, regulations and codes from time to time in force including but not limited to the Modern Slavery Act 2015.

16.10 The Customer warrants and agrees that is in compliance with any and all applicable laws, regulations, and mandatory guidance or code of practices, including but not limited to:

16.10.1 anti-slavery and human trafficking laws, statutes, regulations and codes from time to time in force including but not limited to the Modern Slavery Act 2015;
16.10.2 any tax or social security obligations; and
16.10.3 any policies issued by FCDO Services.

16.11 The Customer shall notify FCDO Services immediately if any breach of Clause 0 by the Customer is known or suspected by the Customer.

17 Suspension of services

17.1 In the event the Customer is in breach of its undertakings or obligations under each of Clauses 4 (Licence to Customer), 7 (Security), 11 (Customer Obligations) and 16 (Anti-Bribery and Corruption) of these Conditions, or fails to pay Fees or any other amount when due, in addition to any other remedies available at law or in equity and without prejudice to any right of termination in Clause 17 (Termination) of these Conditions, FCDO Services will have the right, in its sole reasonable discretion, to immediately suspend Customer’s and Authorised Users’ use of and access to the Services or any part thereof and recover any fees incurred but not yet invoiced.

18 Termination

18.1 Without prejudice to any rights that have accrued under the agreement or any of its rights or remedies, FCDO Services may terminate the Agreement without liability to the Customer on immediate written notice (or following such notice period it sees fit):

18.1.1 subject to Clause 20.2 (Change to Services);
18.1.2 if the Customer defaults in the timely payment of any amounts due to FCDO Services and fails to correct such default within fourteen (14) Working Days of the Due Date;
18.1.3 immediately, and notwithstanding any right of FCDO Services to suspend the Services for such breach, if the Customer breaches any provisions of Clause 4 (Licence to Customer);
18.1.4 in the event of a material breach by the Customer of any other provision of the Agreement and the Customer fails to correct such breach within fifteen (15) calendar days of written notice;
18.1.5 immediately, in the event that the Customer is unable to comply with the requirements of Clause 0 (Access to the Services) or, in relation to a failure to comply with Clause 6.3, in FCDO Services’ opinion, the provision of a diminished service to the Customer by FCDO Services pursuant to Clause 6.4 is not viable; or
18.1.6 immediately, save as provided below, if the Customer becomes subject to any of the following events (or any similar events under the law of any other jurisdiction):
- 18.1.6.1 the Customer suspends, or threatens to suspend, payment of its debts, or is unable to pay its debts as they fall due or admits inability to pay its debts, or (being a company) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986, or (being an individual) is deemed either unable to pay its debts or, as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986, or (being a partnership) has any partner to whom any of the foregoing apply;
- 18.1.6.2 the Customer commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than (where the Customer is a company) these events take place for the sole purpose of a scheme for a solvent amalgamation of the Customer with one or more other companies or the solvent reconstruction of the Customer;
- 18.1.6.3 (being a company) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of the Customer, other than for the sole purpose of a scheme for a solvent amalgamation of the Customer with one or more other companies or the solvent reconstruction of the Customer;
- 18.1.6.4 (being an individual) the Customer is the subject of a bankruptcy petition or order;
- 18.1.6.5 a creditor or encumbrancer of the Customer attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of its assets and such attachment or process is not discharged within fourteen (14) calendar days;
- 18.1.6.6 (being a company) an application is made to court, or an order is made, for the appointment of an administrator or if a notice of intention to appoint an administrator is given or if an administrator is appointed over the Customer;
- 18.1.6.7 (being a company) a floating charge holder over the Customer’s assets has become entitled to appoint or has appointed an administrative receiver;
- 18.1.6.8 a person becomes entitled to appoint a receiver over the Customer’s assets or a receiver is appointed over the Customer’s assets;
- 18.1.6.9 any event occurs, or proceeding is taken, with respect to the Customer in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in Clause 01 to Clause 18.1.6.8 (Termination) inclusive;
- 18.1.6.10 the Customer suspends, or threatens to suspend, or ceases or threatens to cease to carry on, all or substantially the whole of its business;
- 18.1.6.11 the Customer’s financial position deteriorates to such an extent that in FCDO Services’ opinion the Customer’s capability to adequately fulfil its obligations under the Agreement has been placed in jeopardy;
- 18.1.6.12 (being an individual) the Customer dies or, by reason of illness or incapacity (whether mental or physical), is incapable of managing his or her own affairs or becomes a patient under any mental health legislation; or
- 18.1.6.13 the Customer undergoes a change of control, within the meaning of section 416 of the Income and Corporation Taxes Act 1988, which in FCDO Services’ opinion impacts adversely and materially on the performance of the Agreement.

18.2 The Agreement may be terminated by the Customer for any reason upon ninety (90) calendar days’ written notice to FCDO Services. Email notification shall suffice as written notification to FCDO Services.

18.3 The Agreement may be terminated for convenience by FCDO Services upon thirty (30) calendar days’ written notice if Services continue to be provided beyond the Term of the Agreement without a new Order Form being agreed between the Parties. Email notification shall suffice as written notification to the Customer.

18.4 The Agreement will terminate automatically in the circumstances described in Clause 4.10 (Licence to Customer).

Partial Termination

18.5 Where FCDO Services has the right to terminate the Agreement, FCDO Services may do so in whole, or in part provided that the remaining parts of the Agreement can still operate effectively to deliver the intended purpose. Where FCDO Services terminates this Agreement in part the remainder of the Agreement shall remain in force and unaffected.

19 Consequences of termination

19.1 Termination of the Agreement shall be without prejudice to the accrued rights or remedies of the Parties under the Agreement or in law or equity at the date of termination. Upon termination of the Agreement pursuant to Clause 188 (Termination), unless otherwise specifically provided for in writing by the Parties, the following will apply:

19.1.1 the license rights granted to Customer, Service Beneficiaries and Authorised Users with respect to the Services, the SaaS–Software and the Documentation will terminate effective as of the effective date of the termination;
19.1.2 the Customer will and will cause Service Beneficiaries and Authorised Users to promptly return to FCDO Services any property of FCDO Services in their possession and/or control and shall procure that its sub-contractors do the same;
19.1.3 the Customer will destroy any Confidential Information and provide a certificate of destruction to FCDO Services for the balance of Confidential Information (save for a single copy of FCDO Services’ Confidential Information) signed by an authorised signatory, which the Customer may retain if required or permitted by law and shall procure that its sub-contractors do the same;
19.1.4 FCDO Services will return to the Customer any and all Confidential Information of the Customer in its possession or provide a single copy of all Confidential Information to Customer for statutory purposes and provide a certificate of destruction for the balance of the Confidential Information;
19.1.5 FCDO Services will have no obligation to provide the Services to the Customer or Authorised Users after the effective date of the termination;
19.1.6 the Customer will pay to FCDO Services any amounts payable for the Customer’s and Authorised Users’ use of the Services to the effective date of the termination; and
19.1.7 the Customer will pay to FCDO Services any early termination fees and any other costs whether or not they are stipulated in the Price List, the Order Form, or as otherwise indicated by FCDO Services as payable for early termination including any incidental costs FCDO Services incurs arising from the early termination and/or for the transfer to a third party service provider.

19.2 In the event of termination of the Agreement, the Customer and FCDO Services shall use reasonable endeavours to cooperate in order to ensure the smooth transition or hand over of services. This shall include as a minimum a jointly produced exit plan, the preparation and deployment of which may incur an exit fee for the jointly produced exit plan. FCDO Services reserves the right to charge the Customer at FCDO Services’ standard commercial rates in force at the time of the termination for the exit-related services. FCDO Services will invoice for such exit-related services in accordance with Clause 8.2 (Fees and Payment). The Customer shall pay for all such exit-related services in accordance with Clause 8.1. FCDO Services will use its reasonable endeavours to notify the Customer with an estimate of the charges in advance of the termination.

20 Change to services

20.1 FCDO Services reserves the right to make any changes to the Services that are required to conform with the laws of England and Wales and the European Union and all other relevant laws or regulations, regulatory policies, Security Prerequisites, Codes of Connection, PSN requirements, guidelines or industry codes which apply to the provision of the Services, which do not materially affect their quality or performance.

20.2 FCDO Services reserves the right to make any change to the Services which in its opinion is necessary to comply with any change in legislation and/or regulation taking effect after the date of this Agreement (“Change to Law”). FCDO Services reserves the right to terminate the Agreement by serving thirty (30) calendar days written notice on the Customer (subject to a reimbursement of Fees already paid in respect of Services not yet provided on a pro-rata basis and the Customer paying the monies due under Clause 19.119.1.7 (Consequences of Termination) including but not limited to any further incremental costs FCDO Services may reasonably incur and require to be imbursed) in the event that:

20.2.1 FCDO Services determines in its opinion that it is not reasonable and/or commercially possible to make a change to the Services in order to comply with the Change to Law without materially affecting the Services and/or the Agreement; and/or
20.2.2 the Customer notifies FCDO Services that it shall not pay the costs of preparing and effecting such changes determined necessary by FCDO Services in response to the Change to Law.

21 Customer indemnities

21.1 The Customer shall defend, indemnify and hold harmless FCDO Services and its subsidiaries, agents, managers, and other affiliated companies, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to court costs and legal fees) arising from:

21.1.1 the Customer’s, any Service Beneficiary’s and any Authorised Users’ use of and access to the Services including any data or work transmitted or received by the Customer, Service Beneficiary or Authorised Users;
21.1.2 the Customer’s, any Service Beneficiary’s or an Authorised User’s violation of any term of the Agreement;
21.1.3 the Customer’s, any Service Beneficiary’s or an Authorised User’s violation of any third-party right, including without limitation any right of privacy, publicity rights or Intellectual Property Rights;
21.1.4 the Customer’s, any Service Beneficiary’s or an Authorised User’s violation of any law, rule or regulation of any country in relation to the use of the Services or Customer Data whether or not in breach of the terms of the Agreement;
21.1.5 any claim or damages that arise as a result of any of the Customer Data or any data that are submitted via user accounts;
21.1.6 any other party’s access and use of the Services with an Authorised Users’ User Identification; or
21.1.7 any damage to the Services or Technology caused by the Customer or the Authorised Users making changes without the express consent of FCDO Services.

21.2 FCDO Services does not believe that Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE”) will apply in relation to the Services. The Customer shall be liable for, and irrevocably and unconditionally agrees to indemnify FCDO Services and any of its sub-contractors (who shall have no duty to mitigate its/their loss) in full and on demand, and keep them so indemnified, against all claims, demands, actions, proceedings, costs and expenses (including without limitation, on an indemnity costs basis, legal and other professional advisers’ fees) and all direct and indirect damages and direct, indirect and consequential losses claimed or made against or incurred or suffered by FCDO Services or any of its sub-contractors arising or resulting directly or indirectly from or in relation to the employment or termination of employment of any person whose employment transfers to FCDO Services or any of its sub-contractors by virtue of TUPE or otherwise and by reason of the Agreement, or who claims that his/her employment or such claims transfer.

22 Limitation of liability

22.1 Subject to Clause 22.3, save for any express provision in the Order Form, neither Party shall be liable because of Force Majeure Event, any representation or any warranty (express or implied), condition or other term, or any duty at common law, or under the express terms of the Agreement, for:

22.1.1 any loss of profit, business, contracts, opportunity, goodwill, revenues, anticipated savings or similar loss; and/or
21.1.2 any indirect, special or consequential loss or damage (whether for loss of profit or otherwise); and/or
21.1.3 any loss or corruption of software or data (including Customer Data), or any claims or losses by third parties (and in each case, whether these losses are direct, indirect, special or consequential), whether caused by its negligence, breach of contract, tort, breach of statutory duty or otherwise arising out of or in connection with the Agreement.

22.2 Subject to Clause 22.1 and 22.3, total liability in aggregate of FCDO Services to the Customer:

22.2.1 in contract, tort (including negligence), breach of statutory duty (but excluding breaches of its obligations under Clause 13 (Data Protection)) or otherwise arising out of or in connection with the Agreement in the period of twelve (12) months measuring back from the proximate date of causation, shall be limited to an aggregate sum equal to fifty percent (50%) of the aggregate Fees actually paid or due to be paid by the Customer to FCDO Services pursuant to the Agreement and the relevant Order Form in such twelve (12) month period; and

The Customer shall not be entitled to set-off any liabilities of FCDO Services.

22.3 Nothing in the Agreement shall operate or be construed to operate to exclude or restrict the liability of either Party for fraud or for death or personal injury caused by the negligence of a Party or for any other matter for which it would be illegal to limit or exclude or attempt to limit or exclude liability.

22.4 Any typographical, clerical or other error or omission in any sales literature, price list, proposal, Order Form or invoice issued by FCDO Services shall be subject to correction without any liability on the part of FCDO Services.

22.5 The Customer accepts that the indemnity set out in Clause 22.2 above is reasonable in respect of the Services provided and that it will insure against such liability and warrants that it will maintain adequate insurance with a reputable insurer to cover any resulting liability.

22.6 The Customer warrants that the Assumptions are valid, correct and accurate and the Customer shall be responsible for and shall defend, indemnify and hold harmless FCDO Services, from and against all claims, losses, damages, costs (including legal costs), expenses and liabilities of every kind or nature in respect of personal injury, illness or death or damage to or loss of the personal property of any officer, employee, consultant, agent, sub-contractor or representative of the Customer and any other third party, arising out of or in connection with the Assumptions proving to be inaccurate or incorrect.

22.7 FCDO Services may at any time, without notice to the Customer, set off any liability of the Customer to FCDO Services against any liability of FCDO Services to the Customer, whether either liability is present or future, liquidated or unliquidated, and whether or not either liability arises under this Agreement. If the liabilities to be set off are expressed in different currencies, FCDO Services may convert either liability at a market rate of exchange for the purpose of set-off. Any exercise by FCDO Services of its rights under this clause shall not limit or affect any other rights or remedies available to it under this Agreement or otherwise.

22.8 Except in relation to fraudulent misrepresentation:

22.8.1 no Party shall have any right or liability in respect of any statement, representation or promise made prior to the date of the Agreement; and
22.8.2 each Party acknowledges and accepts that, in entering into the Agreement, it has not relied upon any statement, representation or promise except as set out in the Agreement.

22.9 FCDO Services shall maintain insurance policies it is required to under English law to cover its relevant potential liabilities under this Agreement, any and all of which shall have a limit on an aggregate basis and shall not be multiple-claim policies. On the written request of the Customer, FCDO Services shall provide the Customer with a copy of the schedule of its insurance policies. For the avoidance of doubt, nothing in this Agreement shall be construed as a waiver by FCDO Services or its insurer of any right of subrogation its insurer may have save to the extent expressly agreed in any insurance policies maintained in accordance with this Clause.

23 Force majeure

23.1 Neither Party shall have any liability or be deemed to be in breach of the Agreement for any failure to perform its obligations as a result of or due to a Force Majeure Event which affects it ability to perform its obligations.

23.2 The Claiming Party shall promptly notify the other Party in writing of the circumstances of the Force Majeure Event and when the Force Majeure Event ceases.

23.3 Without prejudice to Clause 23.4, if a Claiming Party is prevented from performing its obligations for a continuous period in excess of ninety (90) days, either Party may terminate the Agreement immediately by serving written notice on the other Party, in which case neither Party has any liability to the other except as regards rights and liabilities which have already accrued, which will continue to subsist or are expressed to continue beyond the termination of the Agreement.

23.4 Notwithstanding the occurrence of a Force Majeure Event, payment is to be provided for all Services already supplied by FCDO Services to the Customer.

24 Assignment

24.1 The Customer may not assign, transfer, sub-contract or charge any of its rights, obligations or liabilities in respect of the Agreement without the prior written consent of FCDO Services (at its sole discretion).

25 Waiver

25.1 A waiver of any right under the Agreement is only effective if it is in writing and it applies only to the Party to whom the waiver is addressed and to the circumstances for which it is given.

25.2 Unless specifically provided otherwise in writing, rights arising under the Agreement are cumulative and do not exclude rights provided by law.

25.3 The failure of any Party at any time to require performance of any provision or to resort to any remedy provided under this Agreement shall in no way affect the right of that Party to require performance or to resort to a remedy at any time thereafter, nor shall the waiver by any Party of a breach be deemed to be a waiver of any subsequent breach.

25.4 No course of dealing, nor any failure to exercise, nor any delay in exercising any right, power or privilege hereunder shall operate as a waiver thereof. No waiver of satisfaction of a condition or non-performance of an obligation under this agreement will be effective unless it is in writing and signed by the Party granting the waiver.

26 Severance

26.1 If any of the provisions or part of a provision of the Agreement is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions or provision will not be prejudiced unless the substantive purpose of the Agreement is then frustrated, in which case the relevant provisions or part of the provision will deemed to be amended to the minimum extent possible to render it legally enforceable and in-keeping with the spirit of the Agreement.

26.2 If either Party consider a provisions or part provision of the Agreement to be illegal or unenforceable, it shall notify the other Party and the Parties shall negotiate in good faith to agree a replacement provision, amended to the minimum extent possible, to achieve the intended commercial result of the original provision. Such consent shall not be unreasonably withheld by either Party.

27 No partnership or agency

27.1 Nothing in the Agreement shall be intended to or shall operate to create a partnership between the Parties, or authorise either Party to act as agent for the other, and neither Party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

28 Notices

28.1 Any notices served by the Parties may be emailed, delivered by hand or sent by first class or equivalent, pre-paid, recorded delivery or equivalent post marked for the attention of the other Party’s relevant contact specified in the relevant Order Form. Notice is not validly served if sent by fax or, save as otherwise expressly provided in these Conditions.

28.2 All notices under this Clause 28 will be deemed duly served:

28.2.1 in the case of a notice delivered by hand, at the time of delivery;
28.2.2 in the case of a notice sent to or from within the United Kingdom by first class, pre-paid, recorded delivery, two (2) Business Days after the date of dispatch;
28.2.3 in the case of a notice sent from outside the United Kingdom by recorded delivery airmail, seven (7) business days (being business days in the place to which the notice is dispatched) after the date of dispatch; and
28.2.4 in the case of a notice sent by email, on the Business Day of delivery provided delivery is before 5:00pm on a Business Day. Otherwise delivery shall be deemed to occur on the next Business Day. An email shall be deemed delivered when sent unless an error message is received.

28.3 In case of complaint on the performance of the Agreement by FCDO Services, the Customer shall first send written notice to FCDO Services’ Commercial Agreement Manager with reasonable detail on the nature and subject of the complaint and allow a period of seven (7) days for the FCDO Services’ contact to respond. If the Customer is unsatisfied with the response of the FCDO Services’ contact, it may contact the Commercial Director of FCDO Services and subsequently, if deemed appropriate by either Party, follow the procedure laid out in Clause 32 (Dispute Resolution).

29 Third party rights

29.1 The Agreement does not confer any rights on any person or party (other than the Parties to the Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

30 Governing law and jurisdiction

30.1 The Agreement is governed by and shall be construed in accordance with the laws of England and Wales. Any dispute arising out of or in connection with the Agreement shall be subject to the exclusive jurisdiction of the courts of England and Wales save that FCDO Services shall be entitled to seek injunctive relief in any court of competent jurisdiction.

31 Change control procedure

31.1 Where either Party (“the Initiating Party”) wishes to make material changes to the Specification which may alter the Services are provided, supplied or delivered, then the Initiating Party shall notify the other Party of these proposed changes in writing (“Change Request”).

31.2 The Change Request shall contain sufficient detail to enable the recipient of the Change Request to determine the full impact of the proposed change.

31.3 FCDO Services will produce a price estimate for the implementation of the proposed change and a proposal as to how such price will be met (“Cost Estimate”).

31.4 The Parties will negotiate any Change Request and the Cost Estimate in good faith, but a change will only be implemented where both duly authorised Parties agree to the Change Request in writing.

31.5 Where the Customer is the Initiating Party, FCDO Services shall be entitled to make a reasonable charge for considering any Change Request.

31.6 FCDO Services reserves the right to make any change to the Services or Specification which is necessary to comply with any change in legislation and/or regulation taking effect after the date of this Agreement. All costs of such change shall be met by the Customer, or where in FCDO Services’ reasonable opinion a change is necessary to ensure compliance with any legislation and/or regulation, FCDO Services reserves the right to terminate the Agreement immediately (at its sole discretion) by serving written notice on the Customer (subject to a reimbursement (on a pro-rata basis) of any Fees already paid by the Customer for Services not yet provided by FCDO Services in the event that:

31.6.1 FCDO Services determines that it is not reasonably and/or commercially possible to make a change to the Services in order to comply with the change required in Clause 31.6 without materially affecting the Services and/or the Agreement; and/or
31.6.2 the Customer notifies FCDO Services that it shall not pay the costs of preparing and effecting such changes determined necessary by FCDO Services in response to change required in this Clause 31.6.

31.7 FCDO Services reserves the right to make any changes to the Specification which are required to conform with any applicable Service Prerequisites, guidelines or industry codes, regulatory and/or statutory or requirements or, where the Services are to be supplied to FCDO Services’ specification, which do not materially affect their quality or performance.

31.8 If any changes are made in accordance with this Clause 31 then FCDO Services shall make appropriate modifications to the Fees to reflect such changes as agreed. The provisions of the Agreement shall then apply to the Fees as so modified.

31.9 On or before the Effective Date, the Parties will each identify to the other in writing the name and contact details of their Commercial Agreement Manager within their respective organisations to whom any request for change should be addressed.

32 Dispute resolution

32.1 The Parties shall commence negotiations for a settlement to any dispute between them arising out of or in connection with the Agreement within ten (10) Business Days of either Party notifying the other of the dispute such efforts shall involve the escalation of the dispute to the authorised representative (or equivalent) of each Party as previously notified in or pursuant to the Agreement.

32.2 Nothing in this dispute resolution procedure shall prevent the Parties from seeking from any court of the competent jurisdiction an interim order restraining the other Party from doing any act or compelling the other Party to do any act.

32.3 If the dispute cannot be resolved by the Parties pursuant to Clause 32.1 the dispute shall be referred to mediation pursuant to the procedure set out in Clause 32.5 unless (a) FCDO Services considers in its sole discretion that the dispute is not suitable for resolution by mediation; or (b) the Customer does not agree to mediation.

32.4 The performance of the Agreement shall not be suspended, cease or be delayed by the reference of a dispute to mediation, and the Customer and Authorised User shall comply fully with the requirements of the Agreement at all times.

32.5 The procedure for mediation and consequential provisions relating to mediation are as follows:

32.5.1 a neutral adviser or mediator (the “Mediator”) shall be chosen by agreement between the Parties or, if they are unable to agree upon a Mediator within ten (10) Business Days after a request by one Party to the other, or if the Mediator agreed upon is unable or unwilling to act (together the “Mediator Proposal Date”), either Party shall within ten (10) Business Days of the Mediator Proposal Date apply to the Centre for Effective Dispute Resolution (“CEDR”) to appoint a Mediator;
32.5.2 the Parties shall within ten (10) Business Days of the appointment of the Mediator, meet with them in order to agree a programme for the exchange of all relevant information and the structure to be adopted for negotiations to be held. If considered appropriate, the Parties may at any stage seek assistance from CEDR to provide guidance on a suitable procedure;
32.5.3 unless otherwise agreed, all negotiations connected with the dispute and any settlement agreement relating to it shall be confidential and without prejudice to the rights of the Parties in any future proceedings. The Customer hereby acknowledges and agrees that FCDO Services reserves the right to report such information to the Government when FCDO Services is directed to disclose it by the Government or the Government’s request for disclosure of said information is made as part of its duties and/or function;
32.5.4 if the Parties reach settlement on the resolution of the dispute, the settlement shall be reduced to writing and shall be binding on the Parties once it is signed by their duly authorised representatives;
32.5.5 failing agreement, either of the Parties may invite the Mediator to provide a non-binding but informative opinion in writing. Such an opinion shall constitute Confidential Information and shall be provided on a without prejudice basis and shall not be used in evidence in any proceedings relating to the Agreement without the prior written consent of both Parties; and
32.5.6 if the Parties fail to reach agreement in the structured negotiations within sixty (60) days of the Mediator being appointed, or such longer period as may be agreed by the Parties, then any dispute or difference between them may be referred to and finally determined by the arbitration procedure set out in Clause 32.6.

32.6 If any arbitration proceedings are commenced pursuant to Clause 32.5, the following provisions shall apply:

32.6.1 the arbitration shall be governed by the provisions of the Arbitration Act 1996;
32.6.2 FCDO Services shall give a written notice of arbitration to the Customer (the “Arbitration Notice”) stating:
32.6.3 that the dispute is referred to arbitration; and
32.6.4 providing details of the issues to be resolved;
32.6.5 the London Court of International Arbitration (the “LCIA”) procedural rules in force at the date that the dispute was referred to arbitration in accordance with Clause 32.5 shall be applied and are deemed to be incorporated by reference to the Agreement and the decision of the arbitrator shall be binding on the Parties in the absence of any material failure to comply with such rules;
32.6.6 the tribunal shall consist of a sole arbitrator to be agreed by the Parties;
32.6.7 if the Parties fail to agree the appointment of the arbitrator within 10 (ten) days of the notice of arbitration being issued or if the person appointed is unable or unwilling to act, the arbitrator shall be appointed by the LCIA;
32.6.8 the arbitration proceedings shall take place in London and in the English language; and
32.6.9 the arbitration proceedings shall be governed by, and interpretations made in accordance with, English law.

33 Schedule 1 – Definitions and interpretation

In these Conditions, the following words shall have the following meanings:

Acquired Rights Directive:	the Council Directive 77/187 of 14 February 1977;
Additional Services:	any services, including consultancy services or the provision of extra features or functionality, provided to the Customer or any Service Beneficiary by FCDO Services in conjunction or otherwise in connection with the Services;
Advance Notice:	72 hours or longer;
Agreement:	the documented requirements and agreement incorporating these Conditions for the sale and purchase of the Services, Additional Services or any of them as recorded in an Order Form;
Assumptions:	the assumptions (if any) made by the Parties to the Agreement, in relation to the supply of the Services and the performance of the Agreement, which are set out in the relevant Order Form;
Authorised Users:	those employees, agents, independent contractors and inanimate consumers (e.g. generic use accounts and any ICT hardware that connects to or consumes the Services) of the Customer and of the Service Beneficiary who are authorised, pursuant to the terms and in accordance with the requirements of the Agreement, by the Customer or the Service Beneficiary, as the case may be, to use the Services;
Bribery Act:	the Bribery Act 2010 and any subordinate legislation made under that Act from time to time together with any guidance or codes of practice issued by the relevant government department concerning the legislation;
Business Day:	any day which is not a Saturday, Sunday or public holiday in the UK;
CEDR:	has the meaning ascribed in Clause 32.5.1;
Change Request:	has the meaning ascribed in Clause 31.1;
Claiming Party:	the Party claiming a Force Majeure Event;
Client Access Licence or CAL:	the relevant third-party software licence for granting access to each Authorised User or device in respect of any third-party software accessed and used by the Customer Service beneficiary or Authorised Users through the Services;
Cloud Services:	cloud services provided by FCDO Services’, including any or any combination of SaaS, IaaS, or PaaS, or Support Services as more particularly specified in the Order Form(s) reference to which in these Conditions shall be deemed to include reference to any SaaS–Software, Technology or Documentation comprised in the Services as the context so admits;
Code of Connection:	any or all of the PSN and/or FCDO Services code(s) of connection as amended from time to time and notified in writing to the Customer by FCDO Services;
Commercial Agreement Manager:	the point of contact in the first instance of a dispute or change request;
Conditions:	these terms and conditions including its Schedules;
Confidential Information:	information that is proprietary or confidential and is clearly labelled as such or identified as Confidential Information or which, by its nature, should be properly regarded as Confidential Information including such information relating to a Party’s technology, research, development, products, services, prices, customers, employees, contractors, marketing plans, finances, contracts, agreements, legal or business affairs whether or not marked as confidential or marked in accordance with the UK Government Security Classifications Policy (where applicable));
Consumer Price Index:	the Consumer Prices Index (all items) (United Kingdom) as published by the Office for National Statistics from time to time, or failing such publication, such other index as the Parties may agree most closely resembles such index;
Cost Estimate:	has the meaning given in Clause 31.3;
Customer Data:	the data, including any documents, text, images or sounds or any database consisting of any of these, provided, generated, processed, stored or transmitted by the Customer, Service Beneficiaries, Authorised Users, or FCDO Services on the Customer’s or Authorised Users’ behalf in the consumption of the Services, for the purpose of using the Services or facilitating the Customer’s use of the Services;
Customer Delay:	any delay to FCDO Services in performing its obligations under the Agreement which is caused by, or is attributable to, a failure by the Customer to promptly perform its own obligations under the Agreement, including but not limited to the prompt provision of information;
Customer Integrations:	has the meaning ascribed in Clause 11.6;
Customer Interface:	the web-based interface hosted by FCDO Services by which the Customer, Service Beneficiary and Authorised User may access Services;
Customer Services:	the cloud based services sold or otherwise made available by the Customer to Service Beneficiaries and/or to Authorised Users based on the Customer Software;
Customer Software:	software provided by the Customer whether hosted by the Customer or by FCDO Services;
Customer:	the person identified as such on the Order Form;
Data Processing Agreement:	the agreement between the Parties in the form set out in Schedule 2;
Documentation:	such documents as are made available to the Customer by FCDO Services from time to time, whether in hardcopy, online or electronically, including Service Definitions, Security Operating Procedures, Codes of Connection, which set out the description, definition or rules governing the use of the Services or any Additional Services and any user instructions for the Services or any Additional Services;
Due Date:	thirty (30) days from the date of the relevant invoice;
Effective Date:	the date upon which the Agreement comes into effect as set out in Clause 2.3;
Enhancement:	any correction, modification, customization, revision, enhancement, improvement, update, upgrade, new release or other change to any Technology or to the Services or Additional Services;
Environmental Information Regulations:	Environmental Information Regulations 2004;
EUD:	End User Device, being a device supplied to the Customer by FCDO Services under a separate agreement to the Agreement and subject to the terms and conditions of that agreement;
FCDO Services:	the Secretary of State for Foreign, Commonwealth and Development Affairs as represented by FCDO Services an Executive Agency of the Foreign, Commonwealth and Development Office and a Trading Fund;
Fees:	the price payable to FCDO Services by the Customer for the Services, Additional Services, or any of them;
Financial Year:	means the United Kingdom’s public sector fiscal year running from 1^st April in one year to 31^stMarch in the subsequent year;
FOIA:	the Freedom of Information Act 2000 and any subordinate legislation made under such Act from time to time;
Force Majeure Event:	the occurrence after the date of the Agreement of events which result from circumstances outside the control of the Claiming Party and which directly cause the Claiming Party to be unable to comply with all or a material part of its obligations (other than payment) under the Agreement;
Government:	means the government of the United Kingdom including any government minsters, government departments, and any government bodies, persons, commissions or agencies;
IaaS:	Infrastructure as a Service as defined in the relevant Service Definitions, including all modifications, updates and extensions thereto;
Information Disclosure Obligations:	the meaning prescribed it under Section 84 of the FOIA and / or under the Environmental Information Regulations as the context requires;
Instance:	a copy of software installed on a physical or virtual server or on a desktop, laptop, tablet or other device;
Intellectual Property Rights:	(a) copyright, rights related to or affording protection similar to copyright, rights in databases, patents and rights in inventions, semi-conductor topography rights, trademarks, service marks, database rights, rights in internet domain names and website addresses and other rights in goodwill, trade names, designs, know-how, trade secrets and other rights in confidential information; (b) applications for registration, and the right to apply for, renew or extend registration, for any of the rights listed at (a) above that are capable of being registered in any country or jurisdiction; and (c) all other rights having equivalent or similar effect in any country or jurisdiction;
LCIA:	has the meaning ascribed in Clause 32.6.5;
Mediator:	has the meaning ascribed in Clause 32.5.1;
Order Form:	the order form provided by FCDO Services for the Customer’s use and raised by or on behalf of the Customer for or including any Services or any Additional Services, and given or sent to FCDO Services;
PaaS:	Platform as a Service as defined in the relevant Service Definitions, including all modifications, updates and extensions thereto;
Party:	a party to this Agreement (i.e. the Customer or FCDO Services) as the context so admits;
Personal Data:	has the meaning set out in the Data Processing Agreement;
Post:	has the meaning ascribed in Clause 10.3;
Price List:	the list of prices applicable to the Services or any Additional Services, or any or any part of them, as amended from time to time and as set out in the relevant Service Definition or agreed Order Form or as otherwise published or notified to the Customer by FCDO Services;
Prohibited Act:	(a) to directly or indirectly offer, promise or give any person working for or engaged by FCDO Services a financial or other advantage to: (i) induce that person to perform improperly a relevant function or activity; or (ii) reward that person for improper performance of a relevant function or activity; (b) to directly or indirectly request, agree to receive or accept any financial or other advantage as an inducement or a reward for improper performance of a relevant function or activity in connection with an Agreement or any other agreement; or (c) committing any offence: (i) under the Bribery Act; (ii) under legislation creating offences concerning fraudulent acts; (iii) at common law concerning fraudulent acts relating to a Agreement or any other contract with FCDO Services; or (iv) defrauding, attempting to defraud or conspiring to defraud FCDO Services;
PSN:	the Public Service Network, the Government’s high-performance network which helps public sector organisations work together, reduce duplication and share resources;
RAS Equipment:	equipment supplied by FCDO Services under and pursuant to the Agreement for the purposes of enabling or facilitating remote access to the Services;
Relevant Transfer:	a transfer of employment to which the Transfer of Undertaking (Protection of Employment) Regulations 2006 (SI 2006/246) or COSOP (Cabinet Office Statement of Practice) (as applicable) as amended or replaced or any other Regulations implementing the Acquired Rights Directive applies;
Request for Information:	a request for information or an apparent request under FOIA or the Environmental Information Regulations;
SaaS:	Software as a Service as defined in the relevant Service Definitions, including all modifications, updates and extensions thereto;
SaaS–Software:	the online SaaS applications, if any, provided by FCDO Services as part of the Services;
Security Operating Procedures:	the FCDO Services security operating procedures as set out or amended and notified to the Customer from time to time by FCDO Services in writing;
Security Requirements:	the security requirements as set out or amended and notified to the Customer from time to time by FCDO Services in writing to be met (a) in respect of Customer support staff having remote access to FCDO Services’ servers and to the sites or locations from which such remote access is made and/or (b) in order to be granted access to any of FCDO Services’ premises, personnel, IT systems, information security policies, business continuity plan, equipment, materials and records;
Service Beneficiary:	subject to FCDO Services’ express agreement, which it may give or withhold at its absolute discretion, a person identified on the Order Form as one to whom the Services will be provided or made available through or on behalf of the Customer.
Service Commencement Date:	the date upon which the Services or the Additional Services commence or are first made available to the Customer;
Service Definitions:	the details specifications for the Services, Additional Services or any of them as set out or amended and notified to the Customer from time to time by FCDO Services in writing;
Service Prerequisites:	the prerequisites for the supply of Services, Additional Services or any of them as set out or amended and notified to the Customer from time to time by FCDO Services in writing;
Services:	the combination or aggregation of Cloud Services and Additional Services;
Special Conditions:	the special conditions for the supply of Services attached to the relevant Order Form;
Support Services:	the support services more particularly described in the Service Definitions, including all modifications, updates and extensions of such support services;
Technology:	any know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, techniques, methods, applications, computer programs, user manuals, online documentation, products or other technology and materials of any kind, or any Enhancement thereto, used by FCDO Services in connection with the performance of the Services or any Additional Services or made available by FCDO Services to the Customer, any Authorised User or any third party including any Service Beneficiary;
Term:	the duration of the Agreement, by default being two (2) years from the Effective Date or, if less or extended, such duration as is set out on the relevant Order Form, subject to earlier termination in accordance with these Conditions;
Trading Fund:	a body or part of government established by means of an order under the Government Trading Funds Act 1973;
UK Government Security Classifications Policy:	means the Government’s security classifications policy accessible at https://www.gov.uk/government/publications/government-security-classifications/government-security-classifications-policy-html#definitions-for-official-secret-and-top-secret, as amended from time to time;
Unauthorised Use:	any use, reproduction, distribution, disposition, possession, disclosure or other activity, including, without limitation, any reselling involving any aspect of the Services, Additional Services or FCDO Services or its suppliers’ SaaS–Software Documentation or Technology that is not expressly authorised under the Agreement or otherwise in writing by FCDO Services;
User Identification:	the unique user identification name and password issued or otherwise assigned to each Authorised User for access to and use of the Services through the Customer Interface; and
Virus:	anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

1. The following rules of interpretation apply in these Conditions:

1 reference to any statute or statutory provision (including any EU Directive or Regulation) is a reference to that statute or statutory provision as from time to time amended, extended or re-enacted and, in respect of any EU Directive or Regulation, while such Directive or Regulation as amended, extended or re-enacted, holds force in the jurisdiction to whose laws this Agreement is subject;
2 words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
3 a reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established;
4 clause headings shall not affect the interpretation of these Conditions;
5 references to Recitals and Clauses are to the recitals and clauses of these Conditions;
6 any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
7 all references to a Party or the Parties include their permitted successors and assignees.

SCHEDULE 2 – Part A – Controller to Processor

Data processing agreement

(This Data Processing Agreement is to be entered into by the Customer and FCDO Services as defined in the Services Agreement)

1. Definitions and Interpretation

1.1. In this Data Processing Agreement, the following definitions shall apply, unless the context does not so admit:

Authorised User:	has the meaning set out in the Services Agreement;
Customer:	the Party to this Data Processing Agreement, other than FCDO Services and as defined in the Services Agreement;
Data Controller:	has the meaning set out in the UK GDPR;
Data Loss Event:	any event that results, or may result, in unauthorised access to Personal Data held by FCDO Services under this Data Processing Agreement, and/or actual or potential loss and/or corruption or destruction of Personal Data in breach of this Data Processing Agreement, including any Personal Data Breach;
Data Processor:	has the meaning set out in the UK GDPR;
Data Protection Impact Assessment:	means an assessment undertaken pursuant to Article 35 of the UK GDPR;
Data Protection Legislation:	means all applicable data protection and privacy laws and regulations, guidance and codes of practice issued from time to time by appropriately empowered bodies, which relate to the protection of personal data including, without limitation: (i) the UK GDPR; (ii) the Data Protection Act 2018; (iii) the Data Protection (Charges and Information) Regulations 2018; (iv) the Privacy and Electronic Communications (EC Directive) Regulations 2003; (v) any other legislation in force in the UK from time to time in respect of data protection and privacy guidance and codes of practice issued from time to time by the Data Protection Regulator, in each case as amended, updated or re-enacted from time to time; and (vi) guidance and codes of practice issued by the European Data Protection Board or the Article 29 Working Party prior to 1 Jan 2021;
Data Protection Officer:	has the meaning set out in the UK GDPR;
Data Subject Access Request:	a request made by or on behalf of a Data Subject in accordance with rights granted pursuant to the Data Protection Legislation to access their Personal Data;
Data Subject:	has the meaning set out in the UK GDPR;
FCDO Services:	the Party to this Data Processing Agreement other than the Customer and as defined in the Services Agreement;
Law:	means any law, subordinate legislation within the meaning of Section 21(1) of the Interpretation Act 1978, bye-law, enforceable right within the meaning of Section 2 of the European Communities Act 1972, regulation, order, regulatory policy, mandatory guidance or code of practice, judgment of a relevant court of law, or directives or requirements with which a Party is bound to comply;
Party:	means a party to this Data Processing Agreement;
Personal Data Breach:	has the meaning set out in the UK GDPR;
Personal Data:	has the meaning set out in the UK GDPR and relates only to personal data, or any part of such personal data, provided by the Customer to FCDO Services pursuant to the Services Agreement;
Processing:	has the meaning set out in the UK GDPR and “Process” and “Data Processing” shall be read accordingly;
Protective Measures:	appropriate technical and organisational measures which may include: pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of such measures adopted by it;
Purposes:	means those purposes of the Services Agreement, including the provision and functionality of the Services, in relation to which the Processing of Personal Data, as summarised in the Annex to this Data Processing Agreement, is integral or otherwise necessary;
Security Requirements:	has the meaning given in the Services Agreement;
Service Beneficiary;	has the meaning set out in the Services Agreement;
Services Agreement:	means the agreement for Services, including the Terms, Conditions and Licence to which this Data Processing Agreement is exhibited in Schedule 2, pursuant to which FCDO Services is required to provide Services to the Customer;
Services:	any or any combination of the following services as defined and more particularly specified in or pursuant to the Services Agreement: • IaaS; • SaaS; • the Support Services described in the Service Definitions, including all modifications, updates and extensions of such support services, together with any Additional Services, and any references to IaaS, SaaS, Support Services or Additional Services in this Data Processing Agreement shall be construed accordingly;
Sub-processor:	any third party appointed by the Customer (acting as the Data Processor) or FCDO Services to Process Personal Data for the purposes of or in connection with the Services Agreement; and
UK GDPR:	means EU Regulation 2016/679 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data as incorporated into domestic United Kingdom law by the European Union (Withdrawal Agreement) Act 2020 and amended by The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2020.

1.2. The following rules of interpretation apply in this Data Processing Agreement:

1.2.1 reference to any statute or statutory provision is a reference to that statute or statutory provision as from time to time amended, extended or re-enacted;
1.2.2 words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
1.2.3 clause headings shall not affect the interpretation of the provisions of this Data Processing Agreement;
1.2.4 any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
1.2.5 all references to a Party or the Parties include their permitted successors and assignees.

2. Obligations of FCDO Services

2.1. The Customer and FCDO Services acknowledge that for the purposes of the Data Protection Legislation the Customer is:

2.1.1 in relation to Personal Data generated by it or its Authorised Users, the Data Controller; or
2.1.2 in relation to Personal Data generated by a Service Beneficiary or that Service Beneficiary’s Authorised Users, the Data Processor; and
FCDO Services is:
2.1.3 in relation to (a) above, the Data Processor; or
2.1.4 in relation to (b) above, a Sub-processor.

2.2. FCDO Services shall Process the Personal Data in compliance with the Data Protection Legislation and, subject to such compliance, only in accordance with the Customer’s written instructions from time to time pursuant to and for the Purposes and shall not Process the Personal Data for any purpose other than a purpose authorised by the Customer.

2.3. FCDO Services shall notify the Customer immediately if it considers at any time that any of the Customer’s instructions infringe the Data Protection Legislation.

2.4. FCDO Services shall:

2.4.1 at the request of the Customer, provide all reasonable assistance to the Customer in the preparation of any Data Protection Impact Assessment by the Customer prior to the commencement of any Processing. Such assistance may, at the discretion of the Customer, include:
- (a) a systematic description of the envisaged processing operations and the purpose of the processing;
- (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services;
- (c) an assessment of the risks to the rights and freedoms of Data Subjects; and
- (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data;
2.4.2 ensure that access to the Personal Data is limited to those employees or other personnel who need access to the Personal Data to meet FCDO Services’ obligations under the Agreement or this Data Processing Agreement and for the performance of their duties;
2.4.3 ensure that such employees or other personnel:
- (a) have undergone adequate training in the use, care, protection and handling of Personal Data; and
- (b) are subject to appropriate confidentiality undertakings with FCDO Services and are informed of the confidential nature of the Personal Data and do not publish, disclose or divulge any of the Personal Data to any third party save as permitted by this Data Processing Agreement;
2.4.4 effect and maintain all reasonable Protective Measures to prevent any Data Loss Event or Personal Data Breach and upon written request from the Customer, provide the Customer with a detailed written description of such Protective Measures in place. In the event of the Customer reasonably rejecting Protective Measures put in place by the FCDO Services, FCDO Services must propose alternative Protective Measures to the satisfaction of the Customer. Failure to reject shall not amount to approval by the Customer of the adequacy of the Protective Measures. Protective Measures must take account of the:
- (a) nature of the data to be protected;
- (b) harm that might result from a Data Loss Event;
- (c) state of technological development; and
- (d) cost of implementing any measures;
2.4.5 keep accurate and up-to-date records relating to FCDO Services’ Processing of Personal Data, and shall make available to the Customer on request such information as is reasonably necessary to demonstrate compliance with the obligations set out in this Data Processing Agreement;
2.4.6 always subject to full compliance with the relevant Security Requirements (as determined by FCDO Services acting reasonably but otherwise in its sole discretion), permit the Customer and/or its accredited advisors (at the expense of the Customer) to have access to any business continuity plan and relevant records as may be reasonably required by the Customer upon reasonable notice at any time for the purposes of conducting an audit in order to verify FCDO Services’ compliance with this Data Processing Agreement subject to a maximum of one visit per annum;
2.4.7 at the Customer’s expense, and subject to the relevant Security Requirements provide the Customer and/or its accredited advisors with all reasonable co-operation, access and assistance in relation to each such audit;
2.4.8 notify the Customer as soon as practicable where FCDO Services has received as a result of FCDO Services’ acts or omissions or purported acts or omissions a complaint, notice or other communication from a Data Subject, which relates directly or indirectly to the Processing of the Personal Data or to the Customer’s or the Service Beneficiary’s compliance with the Data Protection Legislation and provide the Customer with full co-operation and assistance in relation to any such complaint, notice or communication;
2.4.9 where the Customer or any Service Beneficiary is required to deal or comply with any enquiry, notice or investigation by the Information Commissioner relating to FCDO Services’ Processing of Personal Data pursuant to the Agreement, co-operate with the Customer to enable the Customer or Service Beneficiary to reasonably comply with its obligations in connection therewith;
2.4.10 restore or recreate in a timely manner all Personal Data that is the subject of a Data Loss Event in breach by FCDO Services or any of FCDO Services’ personnel of this Data Processing Agreement;
2.4.11 only keep the Personal Data provided by the Customer or otherwise obtained in connection with the Agreement for as long as is necessary in order to comply with its contractual obligations thereunder to the Customer or as otherwise required by Law;
2.4.12 notify the Customer in writing of any notices or correspondence received by it relating to the Processing of any Personal Data pursuant to or supplied for the Purposes, including any Data Subject Access Requests, requests from Data Subjects for rectification or erasure of Personal Data, complaints or objections;
2.4.13 promptly notify the Customer in writing if any Personal Data has been Processed or disclosed in breach of this Data Processing Agreement;
2.4.14 promptly notify the Customer if FCDO Services suspects or becomes aware of any actual, threatened or potential Data Loss Event or Personal Data Breach and shall ensure all such notices include full and complete details relating to such breach, in particular:
- (a) the nature and facts of such event or breach including the categories and number of Personal Data records and, if applicable, Data Subjects concerned;
- (b) the contact details of the Data Protection Officer or other representative duly appointed by FCDO Services from whom the Customer can obtain further information relating to such event or breach;
- (c) in so far as they are reasonably apparent, the likely consequences or potential consequences of such event or breach; and
- (d) the measures taken or proposed to be taken by FCDO Services to address such event or breach and to mitigate any possible adverse effects and the proposed implementation dates for such measures; and
2.4.15 unless prohibited by Law, on request at any time and on the expiry or termination of the Agreement at the Customer’s option and expense (i) return all Personal Data and copies of it in such format as the Customer may reasonably require, (ii) securely dispose of the Personal Data, (iii) amend the Personal Data, or (iv) transfer the Personal Data provided such transfer is in accordance with the Data Protection Legislation and otherwise in accordance with the terms of this Data Processing Agreement.

3. Obligations of the Customer

3.1. The Customer acknowledges and agrees, and shall procure that each Service Beneficiary acknowledges and agrees, that to the extent that the Customer, the Service Beneficiary or any Authorised Users access the Services from outside of the UK, in order to carry out the Services and/or FCDO Services’ other obligations under the Agreement Personal Data may be, or may be caused to be, transferred or stored outside the EEA or the country where the Customer, the Service Beneficiary or the Authorised Users is or are located.

3.2. Where the provision of Personal Data from one Party to another involves transfer of such data to outside the UK and/or the EEA, if the prior written consent of the non-transferring Party has been obtained and the following conditions are fulfilled:

3.2.1 the destination country (and if applicable the entity receiving the Personal Data) has been recognised as adequate by the UK government is in accordance with Article 45 of the UK GDPR or DPA 2018 Section 74A and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or
3.2.2 the transferring Party has provided appropriate safeguards in relation to the transfer (whether in accordance with Article 46 of the UK GDPR or DPA 2018 Section 75 and/or Article 46 of the EU GDPR (where applicable)) as determined by the non-transferring Party which could include the relevant parties entering into:
- (a) where the transfer is subject to UK GDPR:
  - (i) the UK International Data Transfer Agreement (the “IDTA”) as published by the Information Commissioner’s Office or such updated version of such IDTA as is published by the Information Commissioner’s Office under section 119A(1) of the DPA 2018 from time to time; or
  - (ii) the European Commission’s Standard Contractual Clauses per decisions 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (the “EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner’s Office from time to time; and/or
- (b) where the transfer is subject to EU GDPR, the EU SCCs, as well as any additional measures determined by the Controller being implemented by the importing party;
3.2.3 the Data Subject has enforceable rights and effective legal remedies;
3.2.4 the transferring Party complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist the non-transferring Party in meeting its obligations); and
3.2.5 the transferring Party complies with any reasonable instructions notified to it in advance by the non-transferring Party with respect to the Processing of the Personal Data.

3.3. The Customer shall:

3.3.1 pass to FCDO Services for Processing only such Personal Data, and then only to the extent and in such a manner:
- (a) as is necessary for the Purposes and in accordance with the Data Protection Legislation and,
- (b) where the Customer is acting as Data Processor, only with the express written consent of the Data Controller;
3.3.2 in passing any such Personal Data to FCDO Services comply with the requirement for fair, lawful (and, as applicable, transparent) data Processing as required by the Data Protection Legislation, in respect of notices to, and (where required) appropriate consent to pass their Personal Data to FCDO Services for the Purposes, from all Data Subjects as well as the Customer’s relevant third parties including Service Beneficiaries;
3.3.3 in connection with the Purposes, take all reasonable and/or appropriate Protective Measures against any potential or actual Data Loss Event or Personal Data Breach the result of the acts or omissions of the Customer or within the Customer’s control;
3.3.4 provide FCDO Services with such information and assistance (at no cost to FCDO Services) as FCDO Services may require in order to undertake a, or a further, Data Protection Impact Assessment where FCDO Services reasonably considers (in its sole discretion) that the type of Processing required is likely to result in a high risk to the rights and freedoms of Data Subjects;
3.3.5 ensure that any Personal Data passed to FCDO Services is accurate and up-to-date;
3.3.6 promptly provide such information and assistance as FCDO Services or the Information Commissioner or any other data protection supervisory authority may reasonably require in relation to:
- (a) any Data Subject Access Request or any request from any Data Subject for rectification or erasure of Personal Data, or any complaint, objection to Processing, or other correspondence; or
- (b) any approval of the Information Commissioner or other data protection supervisory authority to any Processing of Personal Data, or any request, notice investigation by such supervisory authority;
3.3.7 not by any act (including any instruction) or omission, cause FCDO Services to be in breach of the Data Protection Legislation;
3.3.8 notify FCDO Services as soon as practicable where the Customer has received a complaint, notice or communication from a Data Subject as a result of the Customer’s acts or omissions, which relates directly or indirectly to the Processing of the Personal Data by FCDO Services or to FCDO Services’ compliance with the Data Protection Legislation and provide FCDO Services (at the Customer’s expense) with full co-operation and assistance in relation to any such complaint, notice or communication; and
3.3.9 where FCDO Services is required to deal or comply with any enquiry, notice or investigation by the Information Commissioner relating to FCDO Services’ Processing of Personal Data pursuant to the Agreement, co-operate with and assist FCDO Services where required to enable FCDO Services to fully comply with its obligations in connection therewith.

4 Sub-processors

4.1. The Customer consents, and will ensure that its Service Beneficiaries consent, to FCDO Services appointing a Sub-processor provided that:

4.1.1 FCDO Services shall be responsible for the acts or omissions of the Sub-processor as if the act or omission was that of FCDO Services;
4.1.2 the Sub-processor’s agreement with FCDO Services, in so far as it relates to Processing of the Personal Data, is on written terms that are materially the same as those set out in this Data Processing Agreement;
4.1.3 FCDO Services notifies the Customer and/or Service Beneficiary in writing of the intended Sub-processor and its Processing;
4.1.4 FCDO Services obtains the written consent of the Customer; and
4.1.5 the Sub-processor is based in the UK only, but the Parties will discuss in good faith and agree any use of a Sub-processor to be based outside of the UK.

4.2. The Parties agree to take account of any guidance issued by the Information Commissioner’s Office. The Customer may upon giving FCDO Services not less than thirty (30) Working Days’ notice, amend this Data Processing Agreement to ensure that it complies with any guidance issued by the Information Commissioner’s Office.

5 Indemnities

5.1. Subject to the limitations of liability set out the Services Agreement, which shall apply to this indemnity and this Data Processing Agreement as if expressly set out and repeated mutatis mutandis herein, each Party (“Indemnifying Party”) shall indemnify and keep indemnified the other Party (“Indemnified Party”) from and against any loss, cost, claim, proceedings, penalty, fine or expense (including legal and other professional advisors costs and expenses) suffered or incurred by the other Party which arises out of or in connection with any failure by the Indemnifying Party (in the case of the Customer, whether the result of its own acts or omissions or those of any Service Beneficiary or Authorised User) to comply with its obligations under this Data Processing Agreement or otherwise under the Data Protection Legislation.

6 Term

6.1. For the avoidance of doubt, but without prejudice to any accrued rights or obligations of either Party, this Data Processing Agreement shall expire or terminate on expiry or termination for any reason of the Services Agreement.

Annex

Description of Personal Data to be processed under the Agreement.

Description	Details
Title and commencement date	[This should be the formal name plus familiar name (if any) of the agreement to which this description of personal data applies together with the commencement date of the agreement]
Subject matter of the processing	[This should be a high level, short description of what the processing is about i.e. its subject matter]
Duration of the processing	[Clearly set out the duration of the processing including dates]
Nature and purposes of the processing	[Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc. The purpose might include: employment processing, statutory obligation, recruitment assessment etc.]
Type of Personal Data	[Examples here include: name, address, date of birth, NI number, telephone number, pay, images, biometric data etc.]
Categories of Data Subject	[Examples include: Staff (including volunteers, agents, and temporary workers), customers / clients, suppliers, patients, students / pupils, members of the public, users of a particular website etc.]
Plan for return and destruction of the data once the processing is complete UNLESS requirement under union or member state law to preserve that type of data	[Describe how long the data is to be retained for, how it is to be returned or destroyed]
Authorised sub-processors	[Provide details of any agreed sub-processors of data and identify which elements of the data described in this schedule are to be performed by the sub-processor(s). Enter “none” if appropriate.]

SCHEDULE 2 – Part B – Controller to Controller

1. Definitions and Interpretation

1.1. In this Data Processing Agreement, the following definitions shall apply, unless the context does not so admit:

Agreement:	means the agreement for the provision of Services by FCDO Services to the Customer pursuant to which this Data Processing Agreement has been entered into;
Controller:	has the meaning set out in the UK GDPR;
Customer:	means the Party to this Data Processing Agreement, other than FCDO Services and as defined in the Agreement;
Data Loss Event:	any event that results, or may result, in unauthorised access to Personal Data held by either Party under this Data Processing Agreement, and/or actual or potential loss and/or corruption or destruction of Personal Data in breach of this Data Processing Agreement, including any Personal Data Breach;
Data Protection Legislation:	means all applicable data protection and privacy laws and regulations, guidance and codes of practice issued from time to time, which relate to the protection of personal data including, without limitation: (i) the UK GDPR; (ii) the Data Protection Act 2018; (iii) the Data Protection (Charges and Information) Regulations 2018; (iv) the Privacy and Electronic Communications (EC Directive) Regulations 2003; (v) any other legislation in force in the UK from time to time in respect of data protection and privacy guidance and codes of practice issued from time to time by the Data Protection Regulator, in each case as amended, updated or re-enacted from time to time; and (vi) guidance and codes of practice issued by the European Data Protection Board or the Article 29 Working Party prior to 1 Jan 2021;
Data Subject:	has the meaning set out in the UK GDPR;
FCDO Services:	means the Party to this Data Processing Agreement other than the Customer and as defined in the Agreement;
Law:	means any law, subordinate legislation within the meaning of Section 21(1) of the Interpretation Act 1978, bye-law, enforceable right within the meaning of Section 2 of the European Communities Act 1972, regulation, order, regulatory policy, mandatory guidance or code of practice, judgment of a relevant court of law, or directives or requirements with which a Party is bound to comply;
Party:	means a party to this Data Processing Agreement;
Personal Data Breach:	has the meaning set out in the UK GDPR;
Personal Data:	has the meaning set out in the UK GDPR;
Processing:	has the meaning set out in the UK GDPR and “process” and “Data Processing” shall be read accordingly;
Processor:	has the meaning set out in the UK GDPR;
Service Beneficiary:	subject to FCDO Services’ express agreement, which it may give or withhold at its absolute discretion, a person identified in the Agreement as one to whom the Services will be provided or made available through or on behalf of the Customer;
Sub-processor:	any third-party appointed by the Customer (acting as the Processor) or FCDO Services to process Personal Data for the purposes of or in connection with the Agreement; and
UK GDPR:	means EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as incorporated into domestic United Kingdom law by the European Union (Withdrawal Agreement) Act 2020 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2020.

1.2. The following rules of interpretation apply in this Data Processing Agreement:

1.2.1 reference to any statute or statutory provision is a reference to that statute or statutory provision as from time to time amended, extended or re-enacted;
1.2.2 words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
1.2.3 clause headings shall not affect the interpretation of the provisions of this Data Processing Agreement;
1.2.4 any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
1.2.5 all references to a party or the parties include their permitted successors and assignees.

2. Obligations of FCDO Services

2.1. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the joint control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.

2.2. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it.

2.3. Where a Party has provided Personal Data to the other Party, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require.

2.4. The Parties shall be responsible for their own compliance with Articles 13 and 14 of the UK GDPR in respect of the Processing of Personal Data for the purposes of this Contract.

2.5. The Parties shall only provide Personal Data to each other:

2.5.1 to the extent necessary to perform the respective obligations under this Agreement;
2.5.2 in compliance with the Data Protection Legislation (including by ensuring all required fair Processing information has been given to affected Data Subjects);
2.5.3 where the provision of Personal Data from one Party to another involves transfer of such data to outside the UK and/or the EEA, if the prior written consent of the non-transferring Party has been obtained and the following conditions are fulfilled:
- (a) the destination country (and if applicable the entity receiving the Personal Data) has been recognised as adequate by the UK government is in accordance with Article 45 of the UK GDPR or DPA 2018 Section 74A and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or
- (b) the transferring Party has provided appropriate safeguards in relation to the transfer (whether in accordance with Article 46 of the UK GDPR or DPA 2018 Section 75 and/or Article 46 of the EU GDPR (where applicable)) as determined by the non-transferring Party which could include the relevant parties entering into:
  - (i) where the transfer is subject to UK GDPR:
- (A) the UK International Data Transfer Agreement (the “IDTA”) as published by the Information Commissioner’s Office or such updated version of such IDTA as is published by the Information Commissioner’s Office under section 119A(1) of the DPA 2018 from time to time; or
- (B) the European Commission’s Standard Contractual Clauses per decisions 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (the “EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner’s Office from time to time; and/or
  - (ii) where the transfer is subject to EU GDPR, the EU SCCs,
    as well as any additional measures determined by the Controller being implemented by the importing party;
2.5.4 the Data Subject has enforceable rights and effective legal remedies;
2.5.5 the transferring Party complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist the non-transferring Party in meeting its obligations); and
2.5.6 the transferring Party complies with any reasonable instructions notified to it in advance by the non-transferring Party with respect to the Processing of the Personal Data.

2.6. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its Processing of Personal Data as independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the UK GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the UK GDPR.

2.7. A Party Processing Personal Data for the purposes of this Agreement shall maintain a record of its Processing activities in accordance with Article 30 of the UK GDPR and shall make the record available to the other Party upon reasonable request.

2.8. Where a Party receives a request by any Data Subject to exercise any of their rights under the Data Protection Legislation in relation to the Personal Data provided to it by the other Party, including any Service Beneficiary, pursuant to this Agreement (“the Request Recipient”):

2.8.1 the other Party shall provide any information and/or assistance as reasonably requested by the Request Recipient to help it respond to the request or correspondence, at the cost of the Request Recipient; or
2.8.2 where the request or correspondence is directed to the other party and/or relates to the other party’s Processing of the Personal Data, the Request Recipient will:
- (a) promptly, and in any event within 5 Working Days of receipt of the request or correspondence, inform the other party that it has received the same and shall forward such request or correspondence to the other party; and
- (b) provide any information and/or assistance as reasonably requested by the other party to help it respond to the request or correspondence in the timeframes specified by Data Protection Legislation.

2.9. Each party shall promptly notify the other Party upon it becoming aware of any Data Loss Event relating to Personal Data provided by the other party pursuant to this Agreement and shall:

2.9.1 do all such things as reasonably necessary to assist the other Party in mitigating the effects of the Personal Data Breach;
2.9.2 implement any measures necessary to restore the security of any compromised Personal Data;
2.9.3 work with the other Party to make any required notifications to the Information Commissioner’s Office or any other regulatory authority and affected Data Subjects in accordance with the Data Protection Legislation (including the timeframes set out therein); and
2.9.4 not do anything which may damage the reputation of the other Party or that Party’s relationship with the relevant Data Subjects, save as required by any applicable laws.

2.10. Personal Data provided by one Party to the other Party may be used exclusively to exercise rights and obligations under this Agreement.

2.11. Personal Data shall not be retained or Processed for longer than is necessary to perform each Party’s obligations under this Agreement.

3. Indemnities

3.1. Subject to the limitations of liability set out the Agreement, which shall apply to this indemnity and this Data Processing Agreement as if expressly set out and repeated mutatis mutandis herein, each Party (“Indemnifying Party”) shall indemnify and keep indemnified the other Party (“Indemnified Party”) from and against any loss, cost, claim, proceedings, penalty, fine or expense (including legal and other professional advisors costs and expenses) suffered or incurred by the other Party which arises out of or in connection with any failure by the Indemnifying Party (in the case of the Customer, whether the result of its own acts or omissions or those of any Service Beneficiary) to comply with its obligations under this Data Processing Agreement or otherwise under the Data Protection Legislation.

4. Term

4.1. For the avoidance of doubt, but without prejudice to any accrued rights or obligations of either Party, this Data Processing Agreement shall expire or terminate on expiry or termination for any reason of the Agreement.

Term and Conditions for Digital Services

Contents

Recitals

1 Relationship between the parties

2 Basis

3 The services

4 Licence to customer

5 Licence to FCDO Services

6 Access to the services

7 Security

8 Fees and payment

9 Proprietary rights

10 Customer data

11 Customer obligations

12 Codes of connections

12 Data protection

13 Confidential information

15 Freedom of information

16 Anti-bribery and corruption

17 Suspension of services

18 Termination

19 Consequences of termination

20 Change to services

21 Customer indemnities

22 Limitation of liability

23 Force majeure

24 Assignment

25 Waiver

26 Severance

27 No partnership or agency

28 Notices

29 Third party rights

30 Governing law and jurisdiction

31 Change control procedure

32 Dispute resolution

33 Schedule 1 – Definitions and interpretation

Data processing agreement

2. Obligations of FCDO Services

3. Obligations of the Customer

4 Sub-processors

5 Indemnities

6 Term

Annex

SCHEDULE 2 – Part B – Controller to Controller

2. Obligations of FCDO Services

3. Indemnities

4. Term