Terms, Conditions and Licence for Cloud Services
Terms and conditions for ICT customers
- The services
- Licence to customer
- Licence to FCDO Services
- Access to services
- Fees and payment
- Proprietary rights
- Customer data
- Customer obligations
- Data protection
- Confidential information
- Freedom of Information
- Anti-bribery and corruption
- Suspension of services
- Consequences of termination
- Change to services
- Customer indemnities
- Limitation of liability
- Force majeure
- No partnership or agency
- Third party rights
- Governing law and jurisdiction
- Change control procedure
- Dispute resolution
- Definitions and interpretation
1.1 These “Terms, Conditions and Licence for Cloud Services” are to be used where FCDO Services provides Cloud Services (including SaaS, PaaS and IaaS) and / or Additional Services (together, the “Services”) to a Customer.
1.2 There are two models for the provision of Services; a Customer may either:
- (a) allow its Authorised Users (individual users) to access the Services, or
- (b) (subject to the written approval of FCDO Services) sell on the Cloud Services to a third party Service Beneficiary that in turn may allow its Authorised Users (individual users) to access the Cloud Services.
1.3 As FCDO Services does not have a direct contractual relationship with an Authorised User or, save as to any Data Processing Agreement, a Service Beneficiary, some Terms and Conditions have to flow down from applying between FCDO Services and the Customer to apply between the Customer (through the Service Beneficiary if applicable) and the Authorised User.
1.4 The Customer may supplement the Services with its own Customer Software and / or Customer Services for the benefit of the Authorised Users either directly or through the Service Beneficiary.
1.5 The Customer shall complete an Order Form for each and every Service, whether the services are Cloud Services or Additional Services or a combination of both, which shall be supplemented by additional documentation and specifications as appropriate.
1.6 The diagram below is an illustration of the agreement or contractual structure available under these Conditions.
2.1 These Conditions set out the general terms that will govern trading between the Customer and FCDO Services where the Customer requests FCDO Services to provide and FCDO Services agrees to supply any or any combination of the Services.
2.2 The Order Form shall constitute an offer by the Customer to purchase the Services specified thereon from FCDO Services in accordance with these Conditions.
2.3 The Order Form shall be deemed to be accepted on the earlier of:
- (a) FCDO Services issuing written acceptance of the Order Form; or (b) any act by FCDO Services consistent with fulfilling the Order Form, which date shall be the Effective Date.
2.4 FCDO Services shall be entitled to assume that the Customer contact identified in the relevant Order Form or any other customer contact identified (whether formally or informally) by the Customer from time to time has the authority to represent and make any decisions on behalf of the Customer in respect of the Agreement (including decisions relating to the extension or renewal of the Agreement).
2.5 These Conditions apply to the Agreement to the exclusion of any other terms that the Customer seeks to impose or incorporate, whether in any purchase order or otherwise, or which are or have been implied by trade, custom, practice or course of dealing. Except as expressly permitted by the Agreement, no addition to or modification of the Agreement, including of these Conditions, shall be binding upon the Parties unless made by a written instrument signed by duly authorised representatives of FCDO Services and the Customer.
2.6 In relation to the Agreement, in the event of any conflict between the provisions of these Conditions and those of the Order Form, the Security Operating Procedures, the Service Prerequisites or the Service Definition(s), the following descending order of precedence shall apply:
- (a) these Conditions;
- (b) any Supplementary Conditions agreed by the Parties;
- (c) the Security Operating Procedures;
- (d) the Service Prerequisites;
- (e) the Service Definition(s);
- (f) the Order Form; and
- (g) any other documents referenced in these Conditions, the Security Operating Procedures, the Service Prerequisites, the Service Definition(s) and the Order Form, which, to the extent of any conflict, shall be prioritised with those of later date having precedence over those of an earlier date.
2.7 Use of the Services or any of them shall be deemed conclusive evidence of the Customer’s acceptance of these Conditions.
3 The services
3.1 FCDO Services will make the Services available to the Customer during the Term with reasonable skill and care and subject to these Conditions.
3.2 There is no automatic right of the Customer to receive nor obligation of FCDO Services to provide Services under this Agreement beyond the Term.
3.3 The Services will be provided in accordance with the relevant Service Definition(s) and the Order Form subject to the right of FCDO Services to alter or modify all or part of the Services from time to time which alterations and modifications, or both, may include, without limitation, the addition or withdrawal of features, products, services, software, documentation or changes in instructions.
3.4 FCDO Services shall use reasonable efforts to make the Services available 24 hours per day, seven (7) days per week, except where planned or unscheduled maintenance cannot be performed without loss or degradation of Services in which case FCDO Services will endeavour, in so far as practicable and having regard to the degree of urgency, to give Advance Notice to the Customer.
3.5 Notwithstanding Clause 3.4, FCDO Services shall be entitled without liability to take any measures that affect the accessibility of the Services when deemed reasonably necessary for technical, maintenance, operational, or security reasons and FCDO Services reserves the right at any time and without prior notice to the Customer to temporarily discontinue the Services or any of them, change the Services’ hours of operation or to limit the Customer’s access to and use of the Services in order to perform repairs, make modifications to the design, operational method, technical specifications, systems, and other functions or as a result of circumstances beyond FCDO Services’ reasonable control.
3.6 Subject to any consent required under the Data Processing Agreement, FCDO Services may delegate the performance of certain portions of the Services to third parties, but FCDO Services will remain responsible to the Customer for the delivery of the Services.
3.7 The obligations in Clause 3.1 and Clause 3.3 shall not apply to the extent of any non-conformance, which is caused by use of the Services contrary to FCDO Services’ instructions, or modification or alteration of the Services by any party other than FCDO Services or FCDO Services’ duly authorised contractors or agents. If the Services do not reasonably conform to the relevant Service Definitions, FCDO Services will, at its expense, use reasonable commercial endeavours to correct promptly any such non-conformance or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for failure of FCDO Services to provide the Services. Notwithstanding the foregoing, FCDO Services:
- (a) does not warrant that the Customer’s use of the Services will be uninterrupted or error-free; or that the Services, Technology, Documentation, SaaS–Software and/or the information obtained by the Customer through the Services will meet the Customer’s requirements or that the Services, Technology, Documentation or SaaS–Software are free of viruses or other harmful components; and to the fullest extent permitted by law, disclaims all other warranties, express or implied, arising by law or otherwise (including, without limitation, any implied warranty of merchantability, any fitness for a particular purpose, any non-infringement and any implied warranty arising from course of performance, course of dealing or usage of trade) with respect to any error, defect, deficiency, infringement or noncompliance in the Services, the SaaS–Software, the Technology, the Documentation or any other items provided by, through or on behalf of FCDO Services under the Agreement;
- (b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and by entering into the Agreement the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities;
- (c) is not responsible for any content downloaded or otherwise obtained through the use of the Services, Technology or any SaaS–Software and such content shall be downloaded or otherwise obtained at the Customer’s own risk and the Customer will be solely responsible for any damage to its computer systems or losses of data that results from same;
- (d) shall not be liable for the Customer’s connection to or the availability or non-availability of PSN; and
- (e) shall not be liable for any prevention of access to the Services or any impairment of the functionality of the Services brought about by any restrictions or limitations imposed on Authorised Users by the Customer or Service Beneficiary.
3.8 The Agreement shall not prevent FCDO Services from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services that are similar to those provided under the Agreement.
3.9 FCDO Services warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under the Agreement.
3.10 FCDO Services will host and maintain the Customer Interface, and provide the Customer’s, Service Beneficiary and Authorised Users access to the Customer Interface using password protected user accounts.
3.11 FCDO Services may in its sole discretion modify, enhance or otherwise change SaaS–Software and/or the Customer Interface upon prior written notice to the Customer.
3.12 Where responsible for issuing User Identifications, FCDO Services reserves the right to periodically change issued user names or passwords. FCDO Services will provide prompt notice to Customer of any such user name or password changes.
4 Licence to customer
4.1 Subject to the restrictions set out in this Section 4 and the other provisions of these Conditions, FCDO Services hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorised Users and any Service Beneficiaries to access the Services through the Customer Interface during the Term solely for the Authorised Users’ internal use in the regular course of the Customer’s or Service Beneficiary’s business operations.
4.2 In relation to the Authorised Users, the Customer undertakes that:
- (a) the maximum number of Authorised Users, EUDs or Instances of Customer Software that it authorises to access the Services, Technology and Documentation shall not exceed the number of appropriate CALs or Customer Software licences it has purchased;
- (b) it will procure that any CAL and Customer Software licence is used by no more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services;
- (c) each Authorised User shall keep a secure password for his use of the Services, and that each Authorised User shall keep his password confidential;
- (d) it shall maintain a written, up to date list of current Authorised Users, including those of any Service Beneficiary, and provide such list to FCDO Services within five (5) Business Days of FCDO Services’ written request at any time or times;
- (e) where User Identifications are not assigned to Authorised Users by FCDO Services, the Customer shall permit and shall procure that any Service Beneficiary permits FCDO Services to audit the Customer or any Service Beneficiary in order to establish the User Identification of each Authorised User. Such audit may be conducted no more than once per quarter, at FCDO Services’ expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s or its Service Beneficiary’s normal conduct of business;
- (f) if any of the audits referred to in Clause 4.2(e) reveal that any User Identification has been provided to any individual who is not an Authorised User, then without prejudice to FCDO Services’ other rights, the Customer shall promptly disable or procure that the Service Beneficiary disables such User Identification and FCDO Services shall not issue any new User Identification to any such individual; and
- (g) if any of the audits referred to in Clause 4.2(e) reveal that the Customer has underpaid Fees to FCDO Services, then without prejudice to FCDO Services’ other rights, the Customer shall pay to FCDO Services an amount equal to such underpayment as calculated in accordance with the prices set out in the Price List together with the cost to FCDO Services of conducting the audit within ten (10) Business Days of the date of the communication of the underpaid Fees.
4.3 The Customer shall not, and the Customer shall procure that each Authorised User shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:
- (a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
- (b) facilitates illegal activity;
- (c) depicts sexually explicit images;
- (d) promotes unlawful violence;
- (e) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
- (f) is in a manner that is otherwise illegal or causes damage or injury to any person or property; and FCDO Services reserves the right, without any liability or prejudice to its other rights, to disable the Customer’s access to any material or related data that breaches the provisions of this Clause 4.3.
4.4 The Customer shall not, and the Customer shall procure that any Service Beneficiary and the Authorised Users shall not:
- (a) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties:
- (i) and except to the extent expressly permitted under these Conditions, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services in any form or media or by any means; or
- (ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services; or
- (b) access all or any part of the Services in order to build a product or service which competes with the Services or any of them; or
- (c) save as expressly permitted by the Agreement in relation to any Service Beneficiary, use the Services, to provide services to third parties; or
- (d) save as expressly permitted pursuant to any other provision of these Conditions, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except any Service Beneficiary and the Authorised Users;
- (e) attempt to obtain, or assist third parties in obtaining access to the Services other than as provided under this Section 4; or
- (f) use or launch any automated system other than the Customer Interface, including without limitation, “robots,” “spiders,” “offline readers,” etc., that accesses the Services in a manner that sends more request messages to FCDO Services’ servers than a human can reasonably produce in the normal course of their work in the same period of time by using a conventional on-line web browser.
4.5 The Customer shall not, and shall procure that any Service Beneficiary or Authorised User shall not, in any way, make changes to the system configuration, environment, or tenant that, in the reasonable opinion of FCDO Services, may adversely affect FCDO Services’ ability to fulfil its contractual obligations. Examples include, but are not limited to:
- (a) system host names;
- (b) IP addresses;
- (c) system logging details / functionality; or
- (d) the starting or stopping of any or all of system or maintenance or monitoring services.
Should any system changes be required, they must be requested using the Change Control Procedure via the FCDO Services’ service desk. FCDO Services reserves the right to invoice the Customer for the cost of rectifying any unauthorised changes the Customer, any Service Beneficiary or any Authorised User has made.
4.6 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify FCDO Services.
4.7 The rights provided under this Clause 4 are granted to the Customer or through the Customer to the Service Beneficiary only, and shall not be considered granted to any subsidiary or holding company of the Customer or Service Beneficiary unless expressly named in the Agreement.
4.8 Nothing in these Conditions or elsewhere in the Agreement will be interpreted or construed to prohibit or in any way restrict FCDO Services’ right to:
- (a) license, sell or otherwise make available the Services, Technology or Documentation to any third party;
- (b) perform any services for any third party; or
- (c) license, purchase or otherwise acquire any software, technology, products, materials or services from any third party.
4.9 The Customer shall not make the Services available to any Service Beneficiary without the prior express written consent of FCDO Services, which consent shall be a precondition of the relevant Agreement and the licence granted herein, or in such a manner as is in breach of these Conditions or any other provisions of the Agreement. Where the Customer procures the Services solely for the purpose of providing them to one or more Service Beneficiaries, the licence granted to the Customer herein shall continue only for so long as such provision to the last such Service Beneficiary subsists (which, for the avoidance of doubt, shall not exceed the Term) and upon the termination of provision to the last such Service Beneficiary the licence and the Agreement shall terminate automatically.
5 Licence to FCDO Services
5.1 Subject to these Conditions, the Customer grants to FCDO Services a worldwide, non-exclusive, royalty-free license during the Term to use, reproduce, electronically distribute, transmit, have transmitted, perform, display, store, archive, and make derivative works of the Customer Data in order to provide the Services.
5.2 FCDO Services shall have no right to sub-license or resell the Customer Data or any component of the Customer Data.
6 Access to the services
6.1 Where the Services consist only of IaaS or PaaS, the Customer may use and grant access to the Services to Authorised Users or any Service Beneficiary only as a combined solution together with (and integrated into) the Customer Services.
6.2 Save in respect of any RAS Equipment or any EUDs supplied to the Customer by FCDO Services, the Customer is solely responsible for providing, installing and maintaining at its own expense all equipment, facilities and services necessary to enable Authorised Users to access and use the Services and any Documentation through the Customer Interface, including, without limitation, all computer hardware and software, routers, printers, telephone service and internet access.
6.3 The Customer shall comply with all FCDO Services technical interfaces, standards and on-boarding process as notified by FCDO Services to the Customer in writing and as may be varied from time to time in FCDO Services’ sole discretion.
6.4 Where the Customer is not able to comply with Clause 6.3, the Customer may elect to accept a diminished service provided that where, in FCDO Services’ opinion, this option is not viable then FCDO Services shall have the right to terminate the Services with immediate effect.
6.5 Access to the Services is subject to the Service Prerequisites and Security Requirements. Any changes or modifications to the Customer Software and/or Customer Services that, in the reasonable opinion of FCDO Services, are required in order to make them compliant will be the responsibility of the Customer. If the Customer, the Customer Services or the Customer Software do not meet the Service Prerequisites and/or the Security Requirements, and the Customer does not change or modify them accordingly, FCDO Services shall be under no obligation to provide the Services and shall be entitled to terminate this Agreement forthwith without liability to the Customer or its Authorised Users.
6.6 Access to the Services and PSN is subject to the Codes of Connection and conditional on the Customer accepting the Codes of Connection. If the Customer does not accept the Codes of Connection, FCDO Services shall be under no obligation to provide the Services and FCDO Services shall be entitled to terminate this Agreement forthwith without liability to the Customer or its Authorised Users.
6.7 Access to the PSN does not form part of the Services but is subject to the Customer or Service Beneficiary obtaining such access directly from the PSN provider. Failure by the Customer or Service Beneficiary to obtain, or any subsequent loss by the Customer or Service Beneficiary of, such access shall be the sole responsibility of the Customer or the relevant Service Beneficiary and FCDO Services (without liability or prejudice to its rights or remedies), shall be entitled to terminate forthwith any Service for which such access is required.
6.8 This Agreement only considers access through PSN however subject to sponsorship or the specific request of the Customer, FCDO Services could connect to other services (for example PNN or N3). Should alternate access be agreed between the Parties, all references to PSN within this Agreement shall be deemed to apply to such alternate access.
6.9 The Customer acknowledges and shall advise Service Beneficiaries that the Services, due to their inherent security features or procedures, may prevent the Customer’s third party software licence information being automatically sent to the suppliers of such licences and may also result in the loss of some software functionality.
7.1 The Customer shall, and shall procure that its sub-contractors, employees, agents and relevant third parties and all Authorised Users and each Service Beneficiary, comply with the Security Requirements and abide by the provisions of the Official Secrets Acts 1911 to 1989.
7.2 Each Party shall advise the other as soon as it becomes aware of any breach, or potential breach, of the Security Requirements or any other breach, or potential breach, of security, which may adversely affect the Services.
7.3 In respect of all personnel and third parties employed or engaged by the Customer in the use of the Services, the Customer shall comply with the provisions of the Security Requirements for vetting personnel as applicable to the relevant activity/role.
7.4 The Customer shall be responsible for ensuring that all Authorised Users have the appropriate security clearance (as determined by FCDO Services) before being permitted access to the Services.
8 Fees and payment
8.1 The Customer will pay to FCDO Services the Fees as published in the Price List and as more particularly set out in the relevant Order Form on the Due Date.
8.2 FCDO Services will invoice the Customer as follows:
- (a) for one off charges on acceptance of a completed Order Form;
- (b) for the Services, FCDO Services will invoice the Customer in advance commencing on the Service Commencement Date and thereafter at such periodic intervals as are specified in the Order Form for the relevant Services;
- (c) otherwise at such stages or intervals as shall have been agreed in writing with the Customer in respect of a particular Service.
8.3 If any sum payable under the Agreement is not paid by the Due Date for reasons not solely attributable to FCDO Services then:
- (a) FCDO Services shall be entitled to charge the Customer interest on the overdue amount, from the Due Date up to the date of actual payment, after as well as before any judgement, at the prevailing statutory interest rate as determined at https://www.gov.uk/late–commercial–paymentsinterest–debt–recovery/charging–interest–commercial–debt. Such interest shall accrue on a daily basis and be compounded quarterly;
- (b) FCDO Services may withhold or suspend access to the Services under the Agreement until receipt by FCDO Services of all outstanding amounts in full; and
- (c) FCDO Services may terminate the Agreement in accordance with Clause 17.1(b).
8.4 For the purpose of confirming the accuracy of any payment under this Section 8 and to ensure recovery of any shortfall in payment, FCDO Services will have the right (at its own expense) to audit the usage of the Services at the Customer’s or Service Beneficiaries’ premises and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s normal conduct of business. If an audit reveals a discrepancy of amounts due compared with amounts paid, the Customer shall immediately make good the shortfall. If the audit reveals a discrepancy of 5% percent or more during the audited period, then the Customer shall, in addition to correcting the discrepancy and paying any late interest, also reimburse FCDO Services for all costs of the audit.
8.5 All Fees are exclusive of insurance, value added tax, import duties, withholding tax, stamp duties, sales, use, consumption, transfer or other taxes or similar charges (if any); all such shall be paid by the Customer at the rates and in the manner for the time being prescribed by applicable law.
9 Proprietary rights
9.1 FCDO Services and/or its licensors own all Intellectual Property Rights in the Services, Technology and the Documentation. Except as expressly stated in these Conditions, the Agreement does not grant the Customer, any Authorised User or any third party any rights to, or in, any such Intellectual Property Rights or any other rights or licences in respect of the Services, Technology or the Documentation.
9.2 FCDO Services confirms that it has all the rights in relation to the Services, Technology and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, these Conditions.
9.3 The Customer may choose to, or FCDO Services may invite the Customer, Service Beneficiaries and/or Authorised Users to submit comments or ideas about the Services, including without limitation about how to improve the Services, or other FCDO Services products or services (“Ideas”). By submitting any Ideas, the Customer, Service Beneficiaries and Authorised Users agree that:
- (a) such disclosure is gratuitous, unsolicited and without restriction and will not place FCDO Services under any fiduciary or other obligation;
- (b) FCDO Services is free to disclose the Ideas on a non-confidential basis to anyone or otherwise use the Ideas without any additional compensation to the Customer, Service Beneficiary or Authorised User as the case may be;
- (c) by acceptance of Customer’s or Service Beneficiaries’ or an Authorised Users’ submission, FCDO Services does not waive any rights to use similar or related ideas previously known to FCDO Services, or developed by its employees, or obtained from sources other than the Customer or Service Beneficiaries or the Authorised Users.
10 Customer data
10.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
10.2 FCDO Services shall follow its archiving procedures for Customer Data as set out in its Service Definitions. In the event of any loss or damage to Customer Data, save as otherwise provided in any Data Processing Agreement entered into pursuant to Condition 12, the Customer’s sole and exclusive remedy shall be for FCDO Services to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by FCDO Services in accordance with the archiving procedure described in the relevant Service Definition. FCDO Services shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by FCDO Services to perform services related to Customer Data maintenance and back-up).
10.3 The Customer shall be solely responsible for the Customer Data that Authorised Users upload, publish, display, link to or otherwise make available (hereinafter, “Post”) on the Services, and, subject to any obligations of FCDO Services in relation to Personal Data, the Customer agrees that FCDO Services is only acting as a passive conduit for the online distribution and publication of the Customer Data. FCDO Services will not review, share, distribute, or reference any such Customer Data except in pursuance of its obligations as provided in the Agreement, including the Data Processing Agreement, or as may be required by law.
10.4 The Customer shall ensure that all Service Beneficiaries and Authorised Users do not Post any Customer Data that:
- (a) may create a risk of harm, loss, physical or mental injury, emotional distress, death, disability, disfigurement, or physical or mental illness to any person or animal;
- (b) may create a risk of any other loss or damage to any person or property;
- (c) may constitute or contribute to a crime or tort;
- (d) contains any information or content that is unlawful, harmful, abusive, racially or ethnically offensive, defamatory, infringing, invasive of personal privacy or publicity rights, harassing, humiliating to other people (publicly or otherwise), libellous, threatening, or otherwise objectionable;
- (e) contains any information or content that is illegal;
- (f) contains any information or content that the Customer does not have a right to make available under any law or under contractual or fiduciary relationships; or
- (g) contains any information or content that Customer knows is not correct or current.
10.5 The Customer undertakes that the Customer Data will not violate third-party rights of any kind, including without limitation any Intellectual Property Rights, rights of publicity and privacy.
10.6 Save as may be otherwise imposed in relation to Personal Data by law or by the Data Processing Agreement, or where loss or damage is the result of gross negligence or intentional misconduct by FCDO Services or its employees, FCDO Services takes no responsibility and assumes no liability for:
- (a) any Customer Data that Authorised Users or other third parties Post or transmit via the Services, nor for any public display or misuse of Customer Data; or
- (b) any loss or damage of any kind that occurs as a result of the use of any Customer Data that the Customer sends, uploads, downloads, streams, Posts, transmits, displays or otherwise makes available or accesses through Customer’s or Authorised Users’ use of the Services, which shall be solely the Customer’s responsibility.
11 Customer obligations
11.1 The Customer shall comply with (and shall procure that all Authorised Users comply with) the Code of Connection at all times.
11.2 The Customer shall comply with (and shall procure that all Authorised Users comply with) the Security Operating Procedures as made available to the Customer and amended from time to time by or on behalf of FCDO Services.
11.3 The Customer shall:
- (a) provide FCDO Services with:
- (i) all necessary co-operation in relation to the Agreement; and
- (ii) all necessary access to such information as may be required by FCDO Services;
- in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;
- (b) comply with all applicable laws and regulations with respect to its activities under the Agreement;
- (c) carry out all other Customer responsibilities set out in the Agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the Parties, FCDO Services may adjust any agreed timetable or delivery schedule as reasonably necessary;
- (d) ensure that the Authorised Users use the Services and the Documentation in accordance with the these Conditions and any other provision of the Agreement and shall be responsible for any Authorised User’s breach of these Conditions or any other provision of the Agreement;
- (e) accept accountability and responsibility for the licensing of all Instances of Customer Software it has stored on FCDO Services’ hosted environment that were or are not supplied by FCDO Services under a SaaS agreement, and on request from FCDO Services, shall provide evidence of appropriate licencing.
- (f) obtain and shall maintain all necessary licences, CALs, consents, and permissions necessary for FCDO Services, its contractors and agents to perform their obligations under the Agreement, including the Services;
- (g) ensure that its network and systems comply with the relevant specifications provided by FCDO Services from time to time; and
- (h) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to FCDO Services’ data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.
11.4 Where the Customer is selling on the Services to a third party Service Beneficiary, the Customer:
- (a) irrevocably undertakes to contract with its Service Beneficiary with the incorporation of all the rights and obligations that apply to it as Customer under these Conditions into its contract with the Service Beneficiary by incorporating all the terms of these Conditions that will allow the Customer to fulfil its obligations to FCDO Services, mutatis mutandis; and
- (b) is aware that if it sells the Services to multiple Service Beneficiaries that a breach or any action by any Authorised User resulting in the suspension or termination of the Services may, dependant on the Customer’s method of delivery of the Customer Services, adversely affect all Service Beneficiaries and, for the sake of clarity, not solely the services provided to the Service Beneficiary whose Authorised User caused the suspension or termination of the Services.
12 Data protection
12.1 When in the provision of Services pursuant to the Agreement, FCDO Services is required to process Personal Data on the Customer’s behalf, the Customer shall be the Data Controller and FCDO Services the Data Processor in respect of all such Personal Data unless the Customer is itself, in relation to any such Personal Data, the Data Processor on behalf of a third party Data Controller, in which case FCDO Services shall be a Sub-processor in respect of that Personal Data.
12.2 It shall be a prerequisite to any such processing that the Parties to the Agreement enter into a Data Processing Agreement between them in the form set out in the Schedule to these Conditions.
12.3 The failure of the Customer to execute a Data Processing Agreement pursuant to clause 12.2 where required by FCDO Services shall be, unless it is agreed by both parties that the Services can and shall continue to be provided without the processing of Personal Data, a material breach of the Agreement.
12.4 For the purposes of this Clause 12 the terms “Data Controller”, “Data Processor”, “Personal Data”, “process”, “processing” and “Sub-processor” shall have the meanings set out in the Schedule.
13 Confidential information
13.1 Each Party may be given access to Confidential Information from the other Party in order to perform its obligations under the Agreement. A Party’s Confidential Information shall not be deemed to include information that:
- (a) is or becomes publicly known other than through any act or omission of the receiving Party;
- (b) was in the other Party’s lawful possession before the disclosure;
- (c) is lawfully disclosed to the receiving Party by a third party without restriction on disclosure;
- (d) is independently developed by the receiving Party, which independent development be shown by written evidence; or
- (e) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
13.2 Each Party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation and performance of the Agreement.
13.3 Each Party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of the Agreement.
13.4 Neither Party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
13.5 The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute FCDO Services’ Confidential Information.
13.6 FCDO Services acknowledges that the Customer Data is the Confidential Information of the Customer.
13.7 This Section 13 shall survive termination of the Agreement, however arising.
13.8 Each Party acknowledges and agrees that damages or an account of profits may not be an adequate remedy for a disclosure of Confidential Information in breach of the terms of the Agreement and the injured Party shall also have the right to apply for any equitable or injunctive relief in relation to any such breach.
14 Freedom of information
14.1 By entering into an Agreement, the Customer acknowledges that FCDO Services is subject to the requirements of the FOIA and the Environmental Information Regulations and therefore agrees that it shall assist and co-operate fully with FCDO Services to enable FCDO Services to comply with its Information Disclosure Obligations.
14.2 In accordance with Clause 14.1, the Customer shall and shall procure that its sub-contractors or agents shall:-
- (a) transfer to FCDO Services all Requests for Information that it receives in relation to the subject matter of the Agreement as soon as practicable and in any event within two (2) working days of receiving a Request for Information;
- (b) provide FCDO Services with a copy of all Information in its possession or power in the manner and form that FCDO Services requests as soon as practicable and in any event within five (5) working days (or such other period as FCDO Services may specify) of FCDO Services’ request; and
- (c) provide all necessary assistance as reasonably requested by FCDO Services to enable FCDO Services to respond to the Request for Information within the time for compliance set out in Section 10 of the FOIA or regulation 5 of the Environmental Information Regulations.
14.3 FCDO Services shall be responsible for determining in its sole and absolute discretion and notwithstanding any other provision in the Agreement or any other agreement, whether the Information is exempt from disclosure in accordance with the provisions of the FOIA or the Environmental Information Regulations.
14.4 The Customer agrees that it or its staff, sub-contractors or agents, and shall require that its Service Beneficiaries and Authorised Users shall not respond directly to a Request for Information unless expressly authorised to do so by FCDO Services.
14.5 The Customer acknowledges that (notwithstanding the provisions of this Section 14) FCDO Services may, acting in accordance with the Secretary of State’s Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (the “Code”), be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Customer or the Services:
- (a) in certain circumstances without consulting the Customer; or
- (b) following consultation with the Customer and having taken their views into account;
provided always that where Clause 14.5(a) applies FCDO Services shall, in accordance with any recommendations of the Code, take reasonable steps, where appropriate, to give the Customer advanced notice, or failing that, to draw the disclosure to the Customer’s attention after any such disclosure.
14.6 If the Customer is subject to the requirements of FOIA and/or the Environmental Information Regulations:
- (a) FCDO Services shall assist and co-operate fully with the Customer to enable the Customer to comply with its Information disclosure obligations; and
- (b) the rights and obligations of the Customer set out in Clauses 14.2 to 14.5 (inclusive) shall apply to FCDO Services (and the rights and obligations of FCDO Services set out in these clauses shall apply to the Customer) mutatis mutandis.
14.7 The Customer acknowledges and agrees that nothing in this Section 14 shall impose any obligation on FCDO Services to disclose to any third party any Customer Data stored in relation to the Services.
15 Anti-bribery and corruption
15.1 The Customer:
- (a) shall not, and shall procure that it and any Service Beneficiary and its Authorised Users shall not, in connection with the Agreement, commit a Prohibited Act;
- (b) warrants, represents and undertakes that it is not aware of any financial or other advantage being given to any person working for or engaged by FCDO Services, or that an agreement has been reached to that effect, in connection with the execution of the Agreement, excluding any arrangement of which full details have been disclosed in writing to FCDO Services before execution of the Agreement.
15.2 The Customer shall:
- (a) if requested, provide FCDO Services with any reasonable assistance, at FCDO Services’ reasonable cost, to enable FCDO Services to perform any activity required by any relevant government or agency in any relevant jurisdiction for the purpose of compliance with the Bribery Act;
- (b) within ten (10) days of the Commencement Date, and annually thereafter, certify to FCDO Services in writing (such certification to be signed by an officer of the Customer) compliance with this Section 15 by the Customer and all persons associated with it or other persons who are supplying goods or services in connection with the Agreement. The Customer shall provide such supporting evidence of compliance as FCDO Services may reasonably request.
15.3 The Customer shall have an anti-bribery policy (which shall be disclosed to FCDO Services) to prevent any it and any Service Beneficiary and any Authorised User from committing a Prohibited Act and shall enforce it where appropriate.
15.4 If any breach of Clause 15.1 is suspected or known, the Customer must notify FCDO Services immediately.
15.5 If the Customer notifies FCDO Services that it suspects or knows that there may be a breach of Clause 15.1, the Customer must respond promptly to FCDO Services’ enquiries, co-operate with any investigation, and allow FCDO Services to audit books, records and any other relevant documentation.
15.6 FCDO Services may terminate the Agreement by written notice with immediate effect if the Customer or any of its Service Beneficiaries or Authorised Users (in all cases whether or not acting with the Customer’s knowledge) breaches Clause 15.1.
15.7 Any notice of termination under Clause 15.6 must specify:
- (a) the nature of the Prohibited Act;
- (b) the identity of the party who FCDO Services believes has committed the Prohibited Act; and
- (c) the date on which the Agreement will terminate.
15.8 Notwithstanding Section 31, any dispute relating to:
- (a) the interpretation of Section 14; or
- (b) the amount or value of any gift, consideration or commission,
shall be determined by FCDO Services and its decision shall be final and conclusive.
15.9 Any termination under Clause 15.6 will be without prejudice to any right or remedy which has already accrued or subsequently accrues to FCDO Services.
16 Suspension of services
16.1 In the event the Customer is in breach of its undertakings or obligations under Section 4 or Section 11 of these Conditions, or fails to pay Fees or any other amount when due, in addition to any other remedies available at law or in equity and without prejudice to any right of termination in Clause 17.1 of these Conditions, FCDO Services will have the right, in its sole reasonable discretion, to immediately suspend Customer’s and Authorised Users’ use and access to the Services or any part thereof.
17.1 The Agreement may be terminated by FCDO Services:
- (a) Subject to Clause 19.3;
- (b) if the Customer defaults in the timely payment of any amounts due to FCDO Services and fails to correct such default within ten (10) days of receipt of written notice;
- (c) immediately, and notwithstanding any right of FCDO Services to suspend the Services for such breach, if the Customer breaches any provisions of Section 4;
- (d) in the event of a material breach by the Customer of any other provision of the Agreement and the Customer fails to correct such breach within thirty (30) days of written notice;
- (e) immediately, in the event that the Customer is unable to comply with the requirements of Section 6 or, in relation to a failure to comply with Clause 6.3, in FCDO Services opinion, the provision of a diminished service to the Customer by FCDO Services pursuant to Clause 6.4 is not viable; or
- (f) immediately, save as provided below, if the Customer becomes subject to any of the following events (or any similar events under the law of any other jurisdiction):
- (i) the Customer suspends, or threatens to suspend, payment of its debts, or is unable to pay its debts as they fall due or admits inability to pay its debts, or (being a company) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986, or (being an individual) is deemed either unable to pay its debts or, as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986, or (being a partnership) has any partner to whom any of the foregoing apply;
- (ii) the Customer commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than (where the Customer is a company) these events take place for the sole purpose of a scheme for a solvent amalgamation of the Customer with one or more other companies or the solvent reconstruction of the Customer;
- (iii) (being a company) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of the Customer, other than for the sole purpose of a scheme for a solvent amalgamation of the Customer with one or more other companies or the solvent reconstruction of the Customer;
- (iv) (being an individual) the Customer is the subject of a bankruptcy petition or order;
- (v) a creditor or encumbrancer of the Customer attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of its assets and such attachment or process is not discharged within fourteen (14) days;
- (vi) (being a company) an application is made to court, or an order is made, for the appointment of an administrator or if a notice of intention to appoint an administrator is given or if an administrator is appointed over the Customer;
- (vii) (being a company) a floating charge holder over the Customer’s assets has become entitled to appoint or has appointed an administrative receiver;
- (viii) a person becomes entitled to appoint a receiver over the Customer’s assets or a receiver is appointed over the Customer’s assets;
- (ix) any event occurs, or proceeding is taken, with respect to the Customer in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in Clause 17.1(e)(i) to Clause 17.1(e)(viii) inclusive;
- (x) the Customer suspends, or threatens to suspend, or ceases or threatens to cease to carry on, all or substantially the whole of its business;
- (xi) the Customer’s financial position deteriorates to such an extent that in FCDO Services’ opinion the Customer’s capability to adequately fulfil its obligations under the Agreement has been placed in jeopardy;
- (xii) (being an individual) the Customer dies or, by reason of illness or incapacity (whether mental or physical), is incapable of managing his or her own affairs or becomes a patient under any mental health legislation; or
- (xiii) the Customer undergoes a change of control, within the meaning of section 416 of the Income and Corporation Taxes Act 1988, which in FCDO Services’ opinion impacts adversely and materially on the performance of the Agreement.
17.2 FCDO Services may only exercise its right under Clause 17.1(e)(xiii) within six (6) months of becoming aware of a change of control and shall not be permitted to do so where it has agreed in advance to the particular change of control that occurs. The Customer shall notify FCDO Services immediately when any change of control occurs.
17.3 The Agreement may be terminated by the Customer for any reason upon ninety (90) days’ written notice to FCDO Services. Email notification shall suffice as written notification to FCDO Services.
17.4 The Agreement may be terminated for convenience by FCDO Services upon thirty (30) days’ written notice if Services continue to be provided beyond the Term of the Agreement without a new Order Form being agreed between the Parties. Email notification shall suffice as written notification to the Customer.
17.5 The Agreement will terminate automatically in the circumstances described in Clause 4.9.
18 Consequences of termination
18.1 Termination of the Agreement shall be without prejudice to the accrued rights or remedies of the Parties under the Agreement or in law or equity at the date of termination. Upon termination of the Agreement pursuant to Section 17, unless otherwise specifically provided for in writing by the Parties, the following will apply:
- (a) the license rights granted to Customer, Service Beneficiaries and Authorised Users with respect to the Services, the SaaS–Software and the Documentation will terminate effective as of the effective date of the termination;
- (b) the Customer will and will cause Service Beneficiaries and Authorised Users to return to FCDO Services any property of FCDO Services in their possession or control (and retain a single copy of all Confidential Information if required for statutory purposes) to FCDO Services for statutory purposes and provide a certificate of destruction for the balance of Confidential Information;
- (c) FCDO Services will return to the Customer any and all Confidential Information of the Customer in its possession or provide a single copy of all Confidential Information to Customer for statutory purposes and provide a certificate of destruction for the balance of the Confidential Information;
- (d) unless otherwise agreed upon by the Parties, FCDO Services will have no obligation to provide the Services to the Customer or Authorised Users after the effective date of the termination;
- (e) the Customer will pay to FCDO Services any amounts payable for the Customer’s and Authorised Users’ use of the Services to the effective date of the termination; and
- (f) the Customer will pay to FCDO Services any early termination fees stipulated in the Price List or the Order Form.
19 Change to services
19.1 FCDO Services reserves the right to make any changes to the Services which are required to conform with the laws of England and Wales and the European Union and any other laws or regulations, regulatory policies, Security Prerequisites, Codes of Connection, PSN requirements, guidelines or industry codes which apply to the provision of the Services, which do not materially affect their quality or performance.
19.2 Subject to Clause 19.1, any
- (a) changes to the Agreement, including these Conditions; or
- (b) changes affecting the quality, performance, nature, extent or service definition(s) of Services being delivered under the Agreement ); shall be subject to the Change Control Procedure.
19.3 Where FCDO Services is required to make any change to the Services which is necessary to comply with any change in legislation and/or regulation taking effect after the date of this Agreement, FCDO Services (having used reasonable endeavours to continue providing the Services) reserves the right to terminate the Agreement by serving thirty (30) days written notice on the Customer (subject to a reimbursement of Fees already paid in respect of Services not yet provided on a pro-rata basis).
20 Customer indemnities
20.1 The Customer shall defend, indemnify and hold harmless FCDO Services and its subsidiaries, agents, managers, and other affiliated companies, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to court costs and legal fees) arising from:
- (a) the Customer’s, any Service Beneficiary’s and any Authorised Users’ use of and access to the Services including any data or work transmitted or received by the Customer, Service Beneficiary or Authorised Users;
- (b) the Customer’s, any Service Beneficiary’s or an Authorised User’s violation of any term of Agreement;
- (c) the Customer’s, any Service Beneficiary’s or an Authorised User’s violation of any third-party right, including without limitation any right of privacy, publicity rights or Intellectual Property Rights;
- (d) the Customer’s, any Service Beneficiary’s or an Authorised User’s violation of any law, rule or regulation of any country in relation to the use of the Services or Customer Data whether or not in breach of the terms of the Agreement;
- (e) any claim or damages that arise as a result of any of the Customer Data or any data that are submitted via user accounts;
- (f) any other party’s access and use of the Services with an Authorised Users’ User Identification; or
- (g) any damage to the Services or Technology caused by the Customer or the Authorised Users making changes without the express consent of FCDO Services
20.2 FCDO Services does not believe that Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE”) will apply in relation to the Services. The Customer shall be liable for, and irrevocably and unconditionally agrees to indemnify FCDO Services and any of its sub-contractors (who shall have no duty to mitigate its/their loss) in full and on demand, and keep them so indemnified, against all claims, demands, actions, proceedings, costs and expenses (including without limitation, on an indemnity costs basis, legal and other professional advisers’ fees) and all direct and indirect damages and direct, indirect and consequential losses claimed or made against or incurred or suffered by FCDO Services or any of its sub-contractors arising or resulting directly or indirectly from or in relation to the employment or termination of employment of any person whose employment transfers to FCDO Services or any of its sub-contractors by virtue of TUPE or otherwise and by reason of the Agreement, or who claims that his/her employment or such claims transfer.
21 Limitation of liability
21.1 Subject to Clause 21.3, save for any express provision in the Order Form, neither Party shall be liable because of any representation or any warranty (express or implied), condition or other term, or any duty at common law, or under the express terms of the Agreement, for any loss of profit, business, contracts, opportunity, goodwill, revenues, anticipated savings or similar loss, or any loss or corruption of software or data (including Customer Data), or any claims or losses by third parties (and in each case, whether these losses are direct, indirect, special or consequential); whether caused by its negligence, breach of contract, tort, breach of statutory duty or otherwise arising out of or in connection with the Agreement.
21.2 Subject to Clause 21.3, any other liabilities of FCDO Services to the Customer in contract, tort (including negligence), breach of statutory duty or otherwise arising out of or in connection with the Agreement in any period of twelve (12) months measuring back from the proximate date of the causation, shall be limited to an aggregate sum equal to the aggregate Fees actually paid or due to be paid by the Customer to FCDO Services pursuant to the Agreement and the relevant Order Form in such twelve (12) month period; set-off is not permitted.
21.3 Nothing in the Agreement shall operate or be construed to operate so as to exclude or restrict the liability of either Party for fraud or for death or personal injury caused by the negligence of a Party or for any other matter for which it would be illegal to limit or exclude or attempt to limit or exclude liability.
21.4 Any typographical, clerical or other error or omission in any sales literature, price list, proposal, Order Form or invoice issued by FCDO Services shall be subject to correction without any liability on the part of FCDO Services.
22 Force majeure
22.1 Neither Party shall have any liability or be deemed to be in breach of the Agreement for any Force Majeure Event.
22.2 The Claiming Party shall promptly notify the other Party in writing of the circumstances of the Force Majeure Event and when the Force Majeure Event ceases.
22.3 Without prejudice to Clause 22.4, if a Claiming Party is prevented from performing its obligations for a continuous period in excess of ninety (90) days, either Party may terminate the Agreement immediately by serving written notice on the other Party, in which case neither Party has any liability to the other except as regards rights and liabilities which have already accrued, which will continue to subsist or are expressed to continue beyond the termination of the Agreement.
22.4 Notwithstanding the occurrence of a Force Majeure Event, payment is to be provided for all Services already supplied by FCDO Services to the Customer.
23.1 Neither Party may assign, transfer, sub-contract or charge any of its rights and obligations in respect of the Agreement.
24.1 A waiver of any right under the Agreement is only effective if it is in writing and it applies only to the Party to whom the waiver is addressed and to the circumstances for which it is given.
24.2 Unless specifically provided otherwise, rights arising under the Agreement are cumulative and do not exclude rights provided by law.
24.3 The failure of any Party at any time to require performance of any provision or to resort to any remedy provided under this Agreement shall in no way affect the right of that Party to require performance or to resort to a remedy at any time thereafter, nor shall the waiver by any Party of a breach be deemed to be a waiver of any subsequent breach.
24.4 No course of dealing, nor any failure to exercise, nor any delay in exercising any right, power or privilege hereunder shall operate as a waiver thereof.
24.5 No waiver of satisfaction of a condition or non-performance of an obligation under this agreement will be effective unless it is in writing and signed by the Party granting the waiver.
25.1 If any provision (or part of a provision) of the Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
25.2 If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the Parties.
26 No partnership or agency
26.1 Nothing in the Agreement shall be intended to or shall operate to create a partnership between the Parties, or authorise either Party to act as agent for the other, and neither Party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
27.1 Any notices served by the Parties may be delivered by hand or sent by first class or equivalent, prepaid, recorded delivery or equivalent post marked for the attention of the other Party’s relevant contact specified in the relevant Order Form. Notice is not validly served if sent by fax or, save as otherwise expressly provided in these Conditions, if sent by e-mail.
27.2 All notices under this Section 27 will be deemed duly served:
- (a) in the case of a notice delivered by hand, at the time of delivery;
- (b) in the case of a notice sent to or from within the United Kingdom by first class, pre-paid, recorded delivery, two (2) clear business days after the date of dispatch; and
- (c) in the case of a notice sent from outside the United Kingdom by recorded delivery airmail, seven (7) business days (being business days in the place to which the notice is dispatched) after the date of dispatch
27.3 In case of complaint on the performance of the Agreement by FCDO Services, the Customer shall first send written notice to FCDO Services’ contact (as set out on the Order Form) with reasonable detail on the nature and subject of the complaint and allow a period of seven (7) days for the FCDO Services’ contact to respond. If the Customer is unsatisfied with the response of the FCDO Services’ contact, it may contact the Commercial Director of FCDO Services.
28 Third party rights
28.1 The Agreement not confer any rights on any person or party (other than the Parties to the Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
29 Governing law and jurisdiction
29.1 The Agreement and these Conditions are governed by and shall be construed in accordance with the laws of England and Wales and any dispute arising out of or in connection with it shall be subject to the exclusive jurisdiction of the courts of England and Wales save that FCDO Services shall be entitled to seek injunctive relief in any court of competent jurisdiction.
30 Change control procedure
30.1 On or before commencement of the Agreement, the Parties will each identify to the other the name and contact details of the person or persons within their respective organisations to whom any request for change should be addressed (“Agreement Manager”).
30.2 Where either Party wishes to initiate a change to any of the terms of the Agreement, it shall issue a written change request to the other (“Agreement Change Request”). FCDO Services will provide an impact assessment of the proposed change(s) as soon as reasonably practicable, but in any event within ten (10) Business Days of the later of:
- (a) the date of issue or receipt by FCDO Services of the Agreement Change Request;
- (b) the date on which it receives from the Customer all further information it reasonably requires for the purpose of making the impact assessment.
30.3 Where the Customer desires change to some aspect of the Services being delivered under the Agreement, which is not capable of being dealt with by the issue of an Agreement Change Request or of a further Order Form, it shall make a written request to FCDO Services (“Operational Change Request”). As well as details of the change(s) desired, the Operational Change Request will set forth the timescale in which it is proposed the desired change(s) be made. FCDO Services will provide an impact assessment of the proposed changes in accordance with the timescale set out in Clause 30.2 or such other timescale as the Parties may agree, having regard to the extent or complexity of the desired changes.
30.4 For administrative convenience, FCDO Services may from time to time specify the format in which any Agreement Change Request or Operational Change Request should be set out.
30.5 Where the respective Agreement Managers of the Parties cannot agree a change request or any specific aspects of it, the Parties shall escalate the request to the appropriate senior managers within their respective organisations for further negotiation and discussion.
30.6 Each Party shall bear its own costs in relation to the preparation and consideration of any Agreement Change Request or Operational Change Request; however should the costs of consideration by FCDO Services of a request be excessive, the Parties will agree appropriate responsibilities for the costs. The making of any change request shall be without prejudice to the rights of either Party under the Agreement and FCDO Services shall be under no obligation to agree to any change requested by the Customer.
30.7 Where the Parties agree an Agreement Change Request, the agreed changes shall be executed by the Parties and shall constitute a binding variation to the Agreement.
30.8 Nothing in this Section 30 shall limit or otherwise affect FCDO Services’ right to make changes pursuant to Clause 19.1.
31 Dispute resolution
31.1 The Parties shall attempt in good faith to negotiate a settlement to any dispute between them arising out of or in connection with the Agreement within thirty (30) days of either Party notifying the other of the dispute such efforts shall involve the escalation of the dispute to the authorised representative (or equivalent) of each Party as previously notified in or pursuant to the Agreement.
31.2 Nothing in this dispute resolution procedure shall prevent the Parties from seeking from any court of the competent jurisdiction an interim order restraining the other Party from doing any act or compelling the other Party to do any act.
31.3 If the dispute cannot be resolved by the Parties pursuant to Clause 31.1 the dispute shall be referred to mediation pursuant to the procedure set out in Clause 31.5 unless (a) FCDO Services considers in its sole discretion that the dispute is not suitable for resolution by mediation; or (b) the Customer does not agree to mediation.
31.4 The performance of the Agreement shall not be suspended, cease or be delayed by the reference of a dispute to mediation and the Customer and Authorised User shall comply fully with the requirements of the Agreement at all times.
31.5 The procedure for mediation and consequential provisions relating to mediation are as follows:
- (a) A neutral adviser or mediator (the “Mediator”) shall be chosen by agreement between the Parties or, if they are unable to agree upon a Mediator within fourteen (14) days after a request by one Party to the other or if the Mediator agreed upon is unable or unwilling to act, either Party shall within fourteen (14) days from the date of the proposal to appoint a Mediator or within fourteen (14) days of notice to either Party that he is unable or unwilling to act, apply to the Centre for Effective Dispute Resolution (“CEDR”) to appoint a Mediator.
- (b) The Parties shall within fourteen (14) days of the appointment of the Mediator meet with him in order to agree a programme for the exchange of all relevant information and the structure to be adopted for negotiations to be held. If considered appropriate, the Parties may at any stage seek assistance from CEDR to provide guidance on a suitable procedure.
- (c) Unless otherwise agreed, all negotiations connected with the dispute and any settlement agreement relating to it shall be conducted in confidence and without prejudice to the rights of the Parties in any future proceedings.
- (d) If the Parties reach agreement on the resolution of the dispute, the agreement shall be reduced to writing and shall be binding on the Parties once it is signed by their duly authorised representatives.
- (e) Failing agreement, either of the Parties may invite the Mediator to provide a non-binding but informative opinion in writing. Such an opinion shall be provided on a without prejudice basis and shall not be used in evidence in any proceedings relating to the Agreement without the prior written consent of both Parties.
- (f) If the Parties fail to reach agreement in the structured negotiations within sixty (60) days of the Mediator being appointed, or such longer period as may be agreed by the Parties, then any dispute or difference between them may be referred to the Courts unless the dispute is referred to arbitration pursuant to the procedures set out in Clause 31.6.
31.6 Subject to Clause 31.2, the Parties shall not institute court proceedings until the procedures set out in Clause 31.3 and Clause 31.5 have been completed save that:
- (a) FCDO Services may at any time before court proceedings are commenced, serve a notice on the Customer requiring the dispute to be referred to and resolved by arbitration in accordance with the provisions of Clause 31.7.
- (b) if the Customer intends to commence court proceedings, it shall serve written notice on FCDO Services of its intentions and FCDO Services shall have twenty-one (21) days following receipt of such notice to serve a reply on the Customer requiring the dispute to be referred to and resolved by arbitration in accordance with the provisions of Clause 31.7.
- (c) the Customer may request by notice in writing to FCDO Services that any dispute be referred and resolved by arbitration in accordance with the provisions of Clause 31.7, to which FCDO Services may in its discretion consent as it sees fit.
31.7 In the event that any arbitration proceedings are commenced pursuant to Clause 31.6, the following provisions shall apply:
- (a) the arbitration shall be governed by the provisions of the Arbitration Act 1996;
- (b) FCDO Services shall give a written notice of arbitration to the Customer (the “Arbitration Notice”) stating:
- (i) that the dispute is referred to arbitration; and
- (ii) providing details of the issues to be resolved;
- (c) the London Court of International Arbitration (the “LCIA”) procedural rules in force at the date that the dispute was referred to arbitration in accordance with Clause 30.7(b) shall be applied and are deemed to be incorporated by reference to the Agreement and the decision of the arbitrator shall be binding on the Parties in the absence of any material failure to comply with such rules;
- (d) the tribunal shall consist of a sole arbitrator to be agreed by the Parties;
- (e) if the Parties fail to agree the appointment of the arbitrator within 10 (ten) days of the Arbitration Notice being issued by FCDO Services under Clause 30.7(b) or if the person appointed is unable or unwilling to act, the arbitrator shall be appointed by the LCIA;
- (f) the arbitration proceedings shall take place in London and in the English language; and
- (g) the arbitration proceedings shall be governed by, and interpretations made in accordance with, English law.
32 Definitions and interpretation
32.1 In these Conditions, the following words shall have the following meanings:
“Additional Services” means any services, including consultancy services or the provision of extra features or functionality, provided to the Customer or any Service Beneficiary by FCDO Services in conjunction or otherwise in connection with the Services.
“Advance Notice” means 72 hours or longer.
“Agreement” means the documented requirements and agreement incorporating these Conditions for the sale and purchase of the Services, Additional Services or any of them as recorded in an Order Form.
“Agreement Change Request” has the meaning ascribed in Clause 30.2.
“Agreement Manager” has the meaning ascribed in Clause 30.1.
“Authorised Users” means those employees, agents, independent contractors and inanimate consumers (e.g. generic use accounts and any ICT hardware that connects to or consumes the Services) of the Customer and of the Service Beneficiary who are authorised, pursuant to the terms and in accordance with the requirements of the Agreement, by the Customer or the Service Beneficiary, as the case may be, to use the Services.
“Bribery Act” means the Bribery Act 2010 and any subordinate legislation made under that Act from time to time together with any guidance or codes of practice issued by the relevant government department concerning the legislation.
“Business Day” means any day which is not a Saturday, Sunday or public holiday in the UK.
“Client Access Licence” or “CAL” means the relevant third party software licence for granting access to each Authorised User or device in respect of any third party software accessed and used by the Customer Service beneficiary or Authorised Users through the Services.
“Change Control Procedure” means the mechanism for making changes to the Agreement during the Term as set out in Section 30 of these Conditions.
“Claiming Party” means the Party claiming a Force Majeure Event.
“Cloud Services” means cloud services provided by FCDO Services’, including any or any combination of SaaS, IaaS, or PaaS, or Support Services as more particularly specified in the Order Form(s) reference to which in these Conditions shall be deemed to include reference to any SaaS–Software, Technology or Documentation comprised in the Services as the context so admits.
“Code of Connection” means any or all of the PSN and / or FCDO Services code(s) of connection as amended from time to time and notified in writing to the Customer by FCDO Services.
“Conditions” means these terms and conditions.
“Confidential Information” means information that is proprietary or confidential and is clearly labelled as such or identified as Confidential Information or which, by its nature, should be properly regarded as Confidential Information including such information relating to a Party’s technology, research, development, products, services, prices, customers, employees, contractors, marketing plans, finances, contracts, agreements, legal or business affairs.
“Core Hours” means 7.00 am to 7.00 pm local UK time, each Business Day.
“Customer” means the person identified as such on the Order Form.
“Customer Data” means the data, including any documents, text, images or sounds or any database consisting of any of these, provided, generated, processed, stored or transmitted by the Customer, Service Beneficiaries, Authorised Users, or FCDO Services on the Customer’s or Authorised Users’ behalf in the consumption of the Services, for the purpose of using the Services or facilitating the Customer’s use of the Services.
“Customer Interface” means the web-based interface hosted by FCDO Services by which the Customer, Service Beneficiary and Authorised User may access Services.
“Customer Services” means the cloud based services sold or otherwise made available by the Customer to Service Beneficiaries and / or to Authorised Users based on the Customer Software.
“Customer Software” means software provided by the Customer whether hosted by the Customer or by FCDO Services.
“Data Processing Agreement” means the agreement between the Parties in the form set out in the Schedule.
“Documentation” means such documents as are made available to the Customer by FCDO Services from time to time, whether in hardcopy, online or electronically, including Service Definitions, Security Operating Procedures, Codes of Connection, which set out the description, definition or rules governing the use of the Services or any Additional Services and any user instructions for the Services or any Additional Services.
“Due Date” means thirty (30) days from the date of the relevant invoice.
“Effective Date” means the date upon which the Agreement comes into effect.
“EUD” means End User Device, being a device supplied to the Customer by FCDO Services under a separate agreement to the Agreement and subject to the terms and conditions of that agreement.
“Enhancement” means any correction, modification, customization, revision, enhancement, improvement, update, upgrade, new release or other change to any Technology or to the Services or Additional Services.
“Environmental Information Regulations” means Environmental Information Regulations 2004.
“FCDO Services” means the Secretary of State for Foreign, Commonwealth and Development Affairs as represented by FCDO Services an Executive Agency and Trading Fund of the Foreign, Commonwealth and Development Office.
“Fees” means the price payable to FCDO Services by the Customer for the Services, Additional Services, or any of them.
“FOIA” means the Freedom of Information Act 2000 and any subordinate legislation made under such Act from time to time.
“Force Majeure Event” means the occurrence after the date of the Agreement of events which result from circumstances beyond the reasonable control of the Claiming Party and which directly cause the Claiming Party to be unable to comply with all or a material part of its obligations (other than payment) under the Agreement including, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Party so prevented or of any other Party including subcontractors), nuclear accident or acts of God, war (declared or undeclared) or terrorist activity, insurrections, failure of a third party utility service or data or telecommunications network including the PSN network, nuclear chemical or biological contamination, pestilence; plague; pandemic, riot, civil commotion, explosion, malicious damage (excluding malicious damage involving the employees of the affected Party or its subcontractors), compliance with any new law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, or storm or default of suppliers or subcontractors.
“IaaS” means Infrastructure as a Service as defined in the relevant Service Definitions, including all modifications, updates and extensions thereto.
Information Disclosure Obligations the meaning prescribed it under Section 84 of the FOIA and / or under the Environmental Information Regulations as the context requires.
“Instance” means a copy of software installed on a physical or virtual server or on a desktop, laptop, tablet or other device.
“Intellectual Property Rights” means:
(a) copyright, rights related to or affording protection similar to copyright, rights in databases, patents and rights in inventions, semi-conductor topography rights, trademarks, service marks, database rights, rights in internet domain names and website addresses and other rights in goodwill, trade names, designs, know-how, trade secrets and other rights in confidential information;
(b) applications for registration, and the right to apply for, renew or extend registration, for any of the rights listed at (a) above that are capable of being registered in any country or jurisdiction; and
(c) all other rights having equivalent or similar effect in any country or jurisdiction.
“LCIA” has the meaning ascribed in Clause 31.7 (c).
“Mediator” has the meaning ascribed in Clause 31.5 (a).
“Operational Change Request” has the meaning ascribed in Clause 30.3.
“Order Form” means the order form provided by FCDO Services for the Customer’s use and raised by or on behalf of the Customer for or including any Services or any Additional Services, and given or sent to FCDO Services.
“PaaS” means Platform as a Service as defined in the relevant Service Definitions, including all modifications, updates and extensions thereto.
“Party” means a party to this Agreement (i.e. the Customer or FCDO Services) as the context so admits.
“Personal Data” has the meaning set out in the Data Processing Agreement.
“Post” has the meaning ascribed in Clause 10.3.
“Price List” means the list of prices applicable to the Services or any Additional Services, or any or any part of them, as amended from time to time and as set out in the relevant Service Definition or agreed Order Form or as otherwise published or notified to the Customer by FCDO Services.
“Prohibited Act” means:
(a) to directly or indirectly offer, promise or give any person working for or engaged by FCDO Services a financial or other advantage to:
(i) induce that person to perform improperly a relevant function or activity; or
(ii) reward that person for improper performance of a relevant function or activity;
(b) to directly or indirectly request, agree to receive or accept any financial or other advantage as an inducement or a reward for improper performance of a relevant function or activity in connection with an Agreement or any other agreement; or committing any offence:
(i) under the Bribery Act;
(ii) under legislation creating offences concerning fraudulent acts;
(iii) at common law concerning fraudulent acts relating to a Agreement or any other contract with FCDO Services; or
(iv) defrauding, attempting to defraud or conspiring to defraud FCDO Services.
“PSN” means the Public Service Network, the Government’s high-performance network which helps public sector organisations work together, reduce duplication and share resources.
“RAS Equipment” means equipment supplied by FCDO Services under and pursuant to the Agreement for the purposes of enabling or facilitating remote access to the Services.
“Request for Information” means a request for information or an apparent request under FOIA or the Environmental Information Regulations.
“SaaS” means Software as a Service as defined in the relevant Service Definitions, including all modifications, updates and extensions thereto.
“SaaS–Software” means the online SaaS applications, if any, provided by FCDO Services as part of the Services.
“Security Operating Procedures” means the FCDO Services security operating procedures as set out or amended and notified to the Customer from time to time by FCDO Services in writing.
“Security Requirements” means the security requirements as set out or amended and notified to the Customer from time to time by FCDO Services in writing to be met (a) in respect of Customer support staff having remote access to FCDO Services’ servers and to the sites or locations from which such remote access is made and/or (b) in order to be granted access to any of FCDO Services’ premises, personnel, IT systems, information security policies, business continuity plan, equipment, materials and records.
“Service Beneficiary” means subject to FCDO Services’ express agreement, which it may give or withhold at its absolute discretion, a person identified on the Order Form as one to whom the Services will be provided or made available through or on behalf of the Customer.
“Service Commencement Date” means the date upon which the Services or the Additional Services commence or are first made available to the Customer.
“Service Definitions” means the details specifications for the Services, Additional Services or any of them as set out or amended and notified to the Customer from time to time by FCDO Services in writing.
“Service Prerequisites” means the prerequisites for the supply of Services, Additional Services or any of them as set out or amended and notified to the Customer from time to time by FCDO Services in writing.
“Services” means the combination or aggregation of Cloud Services and Additional Services.
“Support Services” means the support services more particularly described in the Service Definitions, including all modifications, updates and extensions of such support services.
“Technology” means any know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, techniques, methods, applications, computer programs, user manuals, online documentation, products or other technology and materials of any kind, or any Enhancement thereto, used by FCDO Services in connection with the performance of the Services or any Additional Services or made available by FCDO Services to the Customer, any Authorised User or any third party including any Service Beneficiary.
“Term” means the duration of the Agreement, being two (2) years from the Effective Date or, if less or extended, such duration as is set out on the relevant Order Form, subject to earlier termination in accordance with these Conditions.
“Trading Fund” means a body or part of government established by means of an order under the Government Trading Funds Act 1973.
“Unauthorised Use” means any use, reproduction, distribution, disposition, possession, disclosure or other activity, including, without limitation, any reselling involving any aspect of the Services, Additional Services or FCDO Services or its suppliers’ SaaS–Software Documentation or Technology that is not expressly authorised under the Agreement or otherwise in writing by FCDO Services
“User Identification” means the unique user identification name and password issued or otherwise assigned to each Authorised User for access to and use of the Services through the Customer Interface.
“Virus” means anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
32.2 The following rules of interpretation apply in these Conditions:
- (a) reference to any statute or statutory provision (including any EU Directive or Regulation) is a reference to that statute or statutory provision as from time to time amended, extended or reenacted and, in respect of any EU Directive or Regulation, while such Directive or Regulation as amended, extended or re-enacted holds force in the jurisdiction to whose laws this Agreement is subject;
- (b) words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
- (c) a reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established;
- (d) clause headings shall not affect the interpretation of these Conditions;
- (e) references to Recitals, Clauses and Sections are to the recitals, clauses and sections of these Conditions.
- (f) any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
- (g) all references to a Party or the Parties include their permitted successors and assignees.
Data processing agreement
This Data Processing Agreement is to be entered into by the Customer and FCDO Services, as defined in the Services Agreement.
1. Definitions and Interpretation
1.1 In this Data Processing Agreement, the following definitions shall apply, unless the context does not so admit:
“Authorised User” has the meaning set out in the Services Agreement.
“Customer” means the Party to this Data Processing Agreement, other than FCDO Services and as defined in the Services Agreement.
“Data Controller” has the meaning set out in the GDPR.
“Data Loss Event” means any event that results, or may result, in unauthorised access to Personal Data held by FCDO Services under this Data Processing Agreement, and/or actual or potential loss and / or corruption or destruction of Personal Data in breach of this Data Processing Agreement, including any Personal Data Breach.
“Data Processor” has the meaning set out in the GDPR.
“Data Protection Impact Assessment” means an assessment undertaken pursuant to Article 35 of the GDPR.
“Data Protection Legislation” means:
- EU Directive 95/46/EC
- EU Directive 2016/680 (“LED”)
- Regulation (EU) 2016/679 (“GDPR”)
- The Data Protection Act 2018 (“DPR”) together with all applicable laws and regulations relating to processing of Personal Data, including where applicable the guidance and codes of practice issued by the Information Commissioner or any government department or statutory body.
“Data Protection Officer” has the meaning set out in the GDPR.
“Data Subject” means has the meaning set out in the GDPR.
“Data Subject Access Request” means a request made by or on behalf of a Data Subject in accordance with rights granted pursuant to the Data Protection Legislation to access their Personal Data.
“FCDO Services” means the Party to this Data Processing Agreement other than the Customer and as defined in the Services Agreement.
“Law” means any law, subordinate legislation within the meaning of Section 21(1) of the Interpretation Act 1978, bye-law, enforceable right within the meaning of Section 2 of the European Communities Act 1972, regulation, order, regulatory policy, mandatory guidance or code of practice, judgment of a relevant court of law, or directives or requirements with which a Party is bound to comply.
“Party” means a party to this Data Processing Agreement.
“Personal Data” has the meaning set out in GDPR and relates only to personal data, or any part of such personal data, provided by the Customer to FCDO Services pursuant to the Services Agreement.
“Personal Data Breach” has the meaning set out in the GDPR.
“Processing” has the meaning set out in the GDPR and “process” and “Data Processing” shall be read accordingly.
“Protective Measures” means appropriate technical and organisational measures which may include: pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the such measures adopted by it
“Purposes” means those purposes of the Services Agreement, including the provision and functionality of the Services, in relation to which the processing of Personal Data, as summarised in the Annex to this Data Processing Agreement, is integral or otherwise necessary.
“Security Requirements” has the meaning given in the Services Agreement.
“Service Beneficiary” has the meaning set out in the Services Agreement.
“Services Agreement” means the agreement for Services, including the Terms, Conditions and Licence to which this Data Processing Agreement is exhibited as a Schedule, pursuant to which FCDO Services is required to provide Services to the Customer.
“Services” means any or any combination of the following services as defined and more particularly specified in or pursuant to the Services Agreement:
- the Support Services described in the Service Definitions, including all modifications, updates and extensions of such support services, together with any Additional Services.
And any references to IaaS, SaaS, Support Services or Additional Services in this Data Processing Agreement shall be construed accordingly.
“Sub-processor” means any third party appointed by the Customer (acting as the Data Processor) or FCDO Services to process Personal Data for the purposes of or in connection with the Services Agreement.
1.2 The following rules of interpretation apply in this Data Processing Agreement:
- (a) reference to any statute or statutory provision (including any EU Directive or Regulation) is a reference to that statute or statutory provision as from time to time amended, extended or reenacted and, in respect of any EU Directive or Regulation, while such Directive or Regulation as amended, extended or re-enacted holds force in the jurisdiction to whose laws this Data Processing Agreement is subject;
- (b) words importing the singular include the plural, words importing any gender include every gender, words importing persons include bodies corporate and unincorporated and (in each case) vice versa;
- (c) clause headings shall not affect the interpretation of the provisions of this Data Processing Agreement;
- (d) any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and the words following any of those terms will not limit the sense of the words preceding those terms; the words “in writing” and “written” mean “in documented form” whether electronic or hard copy, unless otherwise stated; and
- (e) all references to a Party or the Parties include their permitted successors and assignees.
2. Obligations of FCDO Services
2.1 The Customer and FCDO Services acknowledge that for the purposes of the Data Protection Legislation the Customer is:
- (a) in relation to Personal Data generated by it or its Authorised Users, the Data Controller; or
- (b) in relation to Personal Data generated by a Service Beneficiary or that Service Beneficiary’s Authorised Users, the Data Processor; and
FCDO Services is:
- (c) in relation to (a) above, the Data Processor; or,
- (d) in relation to (b) above, a Sub-processor.
2.2 FCDO Services shall process the Personal Data in compliance with the Data Protection Legislation and, subject to such compliance, only in accordance with the Customer’s written instructions from time to time pursuant to and for the Purposes and shall not process the Personal Data for any purpose other than a purpose authorised by the Customer.
2.3 FCDO Services shall notify the Customer immediately if it considers at any time that any of the Customer’s instructions infringe the Data Protection Legislation.
2.4 FCDO Services shall:
- (a) at the request of the Customer, provide all reasonable assistance to the Customer in the preparation of any Data Protection Impact Assessment by the Customer prior to the commencement of any processing;
- (b) ensure that access to the Personal Data is limited to those employees or other personnel who need access to the Personal Data to meet FCDO Services’ obligations under the Agreement or this Data Processing Agreement and for the performance of their duties;
- (c) ensure that such employees or other personnel:
- (i) have undergone adequate training in the use, care, protection and handling of Personal Data; and
- (ii) are subject to appropriate confidentiality undertakings with FCDO Services and are informed of the confidential nature of the Personal Data and do not publish, disclose or divulge any of the Personal Data to any third party save as permitted by this Data Processing Agreement;
- (d) effect and maintain all reasonable Protective Measures to prevent any Data Loss Event or Personal Data Breach and upon written request from the Customer, provide the Customer with a detailed written description of such Protective Measures in place;
- (e) keep accurate and up-to-date records relating to FCDO Services’ processing of Personal Data, and shall make available to the Customer on request such information as is reasonably necessary to demonstrate compliance with the obligations set out in this Data Processing Agreement;
- (f) always subject to full compliance with the relevant Security Requirements (as determined by FCDO Services acting reasonably but otherwise in its sole discretion), permit the Customer and/or its accredited advisors (at the expense of the Customer) to have access to any of FCDO Services’ premises, personnel, IT systems, information security policies, business continuity plan, equipment, materials and relevant records as may be reasonably required by the Customer upon reasonable notice at any time for the purposes of conducting an audit in order to verify FCDO Services’ compliance with this Data Processing Agreement subject to a maximum of one visit per annum;
- (g) at the Customer’s expense, and subject to the relevant Security Requirements provide the Customer and/or its accredited advisors with all reasonable co-operation, access and assistance in relation to each such audit;
- (h) notify the Customer as soon as practicable where FCDO Services has received as a result of FCDO Services’ acts or omissions or purported acts or omissions a complaint, notice or other communication from a Data Subject, which relates directly or indirectly to the processing of the Personal Data or to the Customer’s or the Service Beneficiary’s compliance with the Data Protection Legislation and provide the Customer with full co-operation and assistance in relation to any such complaint, notice or communication.
- (i) where the Customer or any Service Beneficiary is required to deal or comply with any enquiry, notice or investigation by the Information Commissioner relating to FCDO Services’ processing of Personal Data pursuant to the Agreement, co-operate with the Customer to enable the Customer or Service Beneficiary to reasonably comply with its obligations in connection therewith;
- (j) restore or recreate in a timely manner all Personal Data that is the subject of a Data Loss Event in breach by FCDO Services or any of FCDO Services’ personnel of this Data Processing Agreement.
- (k) only keep the Personal Data provided by the Customer or otherwise obtained in connection with the Agreement for as long as is necessary in order to comply with its obligations thereunder to the Customer or as otherwise required by Law;
- (l) notify the Customer in writing of any notices or correspondence received by it relating to the processing of any Personal Data pursuant to or supplied for the Purposes, including any Data Subject Access Requests, requests from Data Subjects for rectification or erasure of Personal Data, complaints or objections.
- (m) promptly notify the Customer in writing if any Personal Data has been processed or disclosed in breach of this Data Processing Agreement;
- (n) promptly notify the Customer if FCDO Services suspects or becomes aware of any actual, threatened or potential Data Loss Event or Personal Data Breach and shall ensure all such notices include full and complete details relating to such breach, in particular:
- (i) the nature and facts of such event or breach including the categories and number of Personal Data records and, if applicable, Data Subjects concerned;
- (ii) the contact details of the Data Protection Officer or other representative duly appointed by FCDO Services from whom the Customer can obtain further information relating to such event or breach;
- (iii) in so far as they are reasonably apparent, the likely consequences or potential consequences of such event or breach; and
- (iv) the measures taken or proposed to be taken by FCDO Services to address such event or breach and to mitigate any possible adverse effects and the proposed implementation dates for such measures.
- (o) unless prohibited by Law, on request at any time and on the expiry or termination of the Agreement at the Customer’s option and expense (i) return all Personal Data and copies of it in such format as the Customer may reasonably require, (ii) securely dispose of the Personal Data, (iii) amend the Personal Data, or (iv) transfer the Personal Data provided such transfer is in accordance with the Data Protection Legislation and otherwise in accordance with the terms of this Data Processing Agreement.
3. Obligations of the Customer
3.1 The Customer acknowledges and agrees, and shall procure that each Service Beneficiary acknowledges and agrees, that to the extent that the Customer, the Service Beneficiary or any Authorised Users access the Services from outside of the UK, in order to carry out the Services and/or FCDO Services’ other obligations under the Agreement Personal Data may be, or may be caused to be, transferred or stored outside the EEA or the country where the Customer, the Service Beneficiary or the Authorised Users is or are located.
3.2 The Customer shall:
- (a) pass to FCDO Services for processing only such Personal Data, and then only to the extent and in such a manner:
- (i) as is necessary for the Purposes and in accordance with the Data Protection Legislation and,
- (ii) where the Customer is acting as Data Processor, only with the express written consent of the Data Controller;
- (b) in passing any such Personal Data to FCDO Services comply with the requirement for fair, lawful (and, as applicable, transparent) data processing as required by the Data Protection Legislation, in respect of notices to, and (where required) appropriate consent to pass their Personal Data to FCDO Services for the Purposes, from all Data Subjects as well as the Customer’s relevant third parties including Service Beneficiaries;
- (c) in connection with the Purposes, take all appropriate Protective Measures against any potential or actual Data Loss Event or Personal Data Breach the result of the acts or omissions of the Customer or within the Customer’s control;
- (d) provide FCDO Services with such information and assistance (at no cost to FCDO Services) as FCDO Services may require in order to undertake a, or a further, Data Protection Impact Assessment where FCDO Services reasonably considers (in its sole discretion) that the type of processing required is likely to result in a high risk to the rights and freedoms of Data Subjects.
- (e) ensure that any Personal Data passed to FCDO Services is accurate and up-to-date.
- (f) promptly provide such information and assistance as FCDO Services or the Information Commissioner or any other data protection supervisory authority may reasonably require in relation to:
- (i) any Data Subject Access Request or any request from any Data Subject for rectification or erasure of Personal Data, or any complaint, objection to processing, or other correspondence; or
- (ii) any approval of the Information Commissioner or other data protection supervisory authority to any processing of Personal Data, or any request, notice investigation by such supervisory authority;
- (g) not by any act (including any instruction) or omission, cause FCDO Services to be in breach of the Data Protection Legislation.
- (h) notify FCDO Services as soon as practicable where the Customer has received a complaint, notice or communication from a Data Subject as a result of the Customer’s acts or omissions, which relates directly or indirectly to the processing of the Personal Data by FCDO Services or to FCDO Services’ compliance with the Data Protection Legislation and provide FCDO Services (at the Customer’s expense) with full co-operation and assistance in relation to any such complaint, notice or communication.
- (i) where FCDO Services is required to deal or comply with any enquiry, notice or investigation by the Information Commissioner relating to FCDO Services’ processing of Personal Data pursuant to the Agreement, co-operate with and assist FCDO Services where required to enable FCDO Services to fully comply with its obligations in connection therewith.
4.1 With the written agreement of the Customer, the Customer having, where necessary, obtained the written agreement of each relevant Service Beneficiary, FCDO Services may appoint a Sub-processor provided that:
- (i) FCDO Services shall be responsible for the acts or omissions of the Sub-processor as if the act or omission was that of FCDO Services;
- (ii) the Sub-processor’s agreement with FCDO Services, in so far as it relates to processing of the Personal Data, is on written terms that are materially the same as those set out in this Data Processing Agreement;
- (iii) FCDO Services provides the Customer with such information regarding the Sub-processor as the Customer or Service Beneficiary may reasonably require.
Subject to the limitations of liability set out the Services Agreement, which shall apply to this indemnity and this Data Processing Agreement as if expressly set out and repeated mutatis mutandis herein, each Party (“Indemnifying Party”) shall indemnify and keep indemnified the other Party (“Indemnified Party”) from and against any loss, cost, claim, proceedings, penalty, fine or expense (including legal and other professional advisors costs and expenses) suffered or incurred by the other Party which arises out of or in connection with any failure by the Indemnifying Party (in the case of the Customer, whether the result of its own acts or omissions or those of any Service Beneficiary or Authorised User) to comply with its obligations under this Data Processing Agreement or otherwise under the Data Protection Legislation.
For the avoidance of doubt, but without prejudice to any accrued rights or obligations of either Party, this Data Processing Agreement shall expire or terminate on expiry or termination for any reason of the Services Agreement.
Description of Personal Data to be processed under the Agreement.
|Title and commencement date||[This should be the formal name plus familiar name (if any) of the agreement to which this description of personal data applies together with the commencement date of the agreement]|
|Subject matter of the processing||[This should be a high level, short description of what the processing is about i.e. its subject matter]|
|Duration of the processing||[Clearly set out the duration of the processing including dates]|
|Nature and purposes of the processing||[Please be as specific as possible, but make sure that you cover all intended purposes.
The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc.
The purpose might include: employment processing, statutory obligation, recruitment assessment etc.]
|[Examples here include: name, address, date of birth, NI number, telephone number, pay, images, biometric data etc.]|
|Categories of Data Subject||[Examples include: Staff (including volunteers, agents, and temporary workers), customers / clients, suppliers, patients, students / pupils,
members of the public, users of a particular website etc.]
|Plan for return and destruction of the data once the processing is complete UNLESS requirement under union or member state law to preserve that type of data||[Describe how long the data is to be retained for, how it is to be returned or destroyed]|
|Authorised subprocessors||[Provide details of any agreed sub-processors of data and identify which elements of the data described in this schedule are to be performed by the sub-processor(s). Enter “none” if appropriate.]|