STANDARD TERMS AND CONDITIONS FOR THE SUPPLY OF SERVICES

1.                Interpretation

1.1          The definitions and rules of interpretation in this condition apply in these terms and conditions (“Conditions”).

Contract                              any contract between the Supplier and the Client for the supply and purchase of the Services formed in accordance with Condition 2

Client                                  a Customer whose order for the Services is accepted by the Supplier in accordance with Condition 2; unless otherwise agreed in writing, this will be the entity to whom all correspondence and Quotations have been addressed.

Ultimate Client                    the end Customer of our Client

Commencement date          agreed date for the start of the service as defined in Schedule 6 or 7(If relevant).

Confidential Information     all information disclosed (whether in writing, orally or by another means and whether directly or indirectly) by a party (“Disclosing Party”) to the other party (“Receiving Party”) whether before or after the date of the Contract including, but not limited to, information relating to the Disclosing Party’s products, operations, processes, plans or intentions, product information, know-how, Intellectual Property Rights, trade secrets, market opportunities and/or business affairs.

Deliverables                        all Documents, products and materials developed by the Supplier solely in relation to a Contract in any form, including computer programs, data, reports and specifications;

Document                           includes any document in writing, any drawing, map, plan, diagram, design, picture or other image, tape, disk, digital or digitally created file or other device or record embodying information in any form;

Equipment                          the computer hardware (including operating system software) listed in Schedule 6 (If relevant).

Exhibits                               all Documents, information and materials required by the Supplier so as to enable the Supplier to carry out the Services including, computers, phones, computer programs, data, reports and specifications, original evidential material and any other material and/or items appropriate to the investigation and required by the Supplier so as to enable the Supplier to provide the Services;

Force Majeure                     any cause preventing the Supplier from performing its obligations which arises from or is attributable to acts,  events, omissions or accidents beyond its control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Client, Supplier or any other party), failure of a utility service, failure of IT systems and/or equipment, or transport network, act of God, war, terrorism, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors;

Initial Period                       any initial period as specified in Schedule 3,6 or 7 of this agreement (if relevant).

Intellectual Property Rights all patents, rights to inventions, utility models, copyright and related rights, trademarks, service marks, trade names, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world;

Location                              the physical situation of the equipment as described in Schedule 6 (if relevant)

Normal Working Hours         09:00 until 17:30 on a Working Day;

Quotation                               a written quotation given by the Supplier to the Client setting out, amongst other things, the scope of the Services and an estimate of the charges payable by the Client in respect of such Services. All quotations are provided on the basis of information provided by the Client to the Supplier but due to the nature of the Services cannot be expected to be prescriptive and Charges may vary in accordance with these Terms and Conditions after commencement of the Services.

Services                              the services to be provided by the Supplier under the Contract in accordance with these Conditions, Quotation and the Supplier’s obligations under the Contract, as may be amended from time to time in accordance with these Conditions;

Supplier                              CY4OR LEGAL Limited incorporated and registered in England and Wales with company number 06295131 whose registered office is at 7 St Petersgate, Stockport, Cheshire, SK1 1EB; CY4OR LEGAL Limited also trading as CYFOR and CYFOR SECURE

VAT                                     value added tax chargeable under English law for the time being and any similar additional tax;

Working Day                       any day other than Saturday or Sunday or a bank or statutory holiday in England.

1.2          Condition headings shall not affect the interpretation of these Conditions.

1.3          A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors and permitted assigns.

1.4          Words in the singular shall include the plural and vice versa.

1.5          A reference to a statute or statutory provision is a reference to it as it is in force for the time being, taking account of any amendment, extension, or re-enactment and includes any subordinate legislation for the time being in force made under it.

1.6          A reference to writing or written includes, but is not limited to, verbal, letters, faxes, emails and text messages.

1.7          Where the words include(s), including or in particular are used in these Conditions, they are deemed to have the words without limitation following them and where the context permits, the words other and otherwise are illustrative and shall not limit the sense of the words preceding them.

1.8          An obligation in a Contract on a person not to do something includes an obligation not to agree, allow, permit or acquiesce in that thing being done.

2         Application of Conditions

2.1          These Conditions shall:

  • apply to and be incorporated into every Contract;
  • prevail over any terms or conditions (whether inconsistent or not) contained, or referred to, in any proposal, confirmation of order, specification or other Document, or implied by law, trade custom, practice or course of dealing;
  • be also be subject to the terms and conditions set out in any supplier Quotation (to the extent that there is any conflict or additional terms); and
  • exclude any terms and conditions of purchase submitted at any time by the Client and whether printed or sent with any order form or otherwise

2.2          No addition to, variation of, exclusion or attempted exclusion of any term of the contract shall be binding on the supplier unless in writing and signed by a duly authorised representative of the Supplier.

2.3          Each order will be deemed to be an offer by the Client to purchase the Services upon these Conditions.  A Contract is formed when the order is accepted by the Supplier by way of written acknowledgement of order or by commencement of the Services.  No Contract will come into existence until a written acknowledgement of order is issued by the Supplier or until the Supplier commences the provision of the Services, whichever occurs earlier.

2.4          Quotations are given by the Supplier on the basis that no Contract shall come into existence except in accordance with Condition 2.2.  Any Quotation is valid for a period of 30 days from its date, provided that the Supplier has not previously withdrawn it.  The Supplier reserves the right to withdraw or revise a Quotation at any time prior to accepting the order from the Client.

3         Supplier’s obligations

3.1          The Supplier shall provide the Services and deliver the Deliverables to the Client.

3.2          The dates mentioned in a Contract and/or any Quotation and/or any order are approximate only and time will not be of the essence as to any performance of the Services and/or delivery of the Deliverables, but the Supplier will use reasonable efforts to fulfil its obligations under a Contract in a timely manner.  Additionally, the Supplier will not be liable for any delay in performing the Services and/or delivering the Deliverables that results from any delay or other failure by the Client in providing any Exhibits and/or Documents and/or other information as may be required by the Contract.

3.3          The Services supplied under a Contract shall continue to be supplied until, in the opinion of the Supplier, the project is completed or until the relevant Contract is terminated in accordance with Condition 11 herewith and condition 5 of the Product specific Terms and Conditions in Schedules 1-7.

3.4          The Supplier shall provide the Services from such premises as it deems appropriate from time to time.

3.5          The Services shall be provided during Normal Working Hours. In the event that any additional support is required outside the Normal Working Hours, such support shall be provided at the Supplier’s standard rate, as notified to the Client from time to time.

3.6          Notwithstanding the foregoing, the Supplier does not warrant that the Services will be uninterrupted or error free.

3.7          The Client acknowledges and agrees that the Supplier is only able to provide the Services based on the information and documents disclosed to it and the Supplier shall not be responsible for any errors when undertaking work on the Client’s behalf.  It is the Client’s responsibility to check all Deliverables produced by the Supplier

3.8          The Supplier will, and usually only if requested to, by the Client, conduct a Conflict Check. This Conflict Check is conducted on a best endeavours basis and will be conducted using information provided to it by the Client. The Client warrants that it will ensure the information it provides to the Supplier is free of errors and indemnifies the Supplier and its agents against any errors or omissions howsoever caused. CYFOR provides no warranties and accepts no liability whatsoever should a conflict be identified at any stage.

3.9          To fulfil the Client’s requirements, the supplier reserves the right to deviate from its routine methodologies

 

4         Client’s obligations

4.1          The Client shall (and to the extent necessary to enable the Supplier to perform the Services, shall procure that its Ultimate Client (“Ultimate Client”) shall):

  • co-operate with the Supplier in all matters relating to the Services and/or Deliverables;
  • provide such access to the Client’s and/or the Ultimate Client’s premises and data, and such office accommodation and other facilities as may reasonably be required by the Supplier for the purposes of the Services and/or Deliverables;
  • provide such access to appropriate numbers of the Client’s and/or the Ultimate Client’s suitably qualified personnel as may reasonably be required by the Supplier for the purposes of the Services and/or Deliverables (including without limitation, the provision of personnel to assist with the extraction of data from network or email servers and assist the Supplier in respect of complex IT infrastructures);
  • provide in a timely manner such other information as the Supplier may request (or which the Client and/or the Ultimate Client knows or ought reasonably to have known that the Supplier would require) in order to carry out the Services and/or deliver the Deliverables, and ensure that it is accurate in all material respects; and
  • inform the Supplier of all health and safety rules and regulations and any other reasonable security requirements that apply at any of the Client’s and/or the Ultimate Client’s premises.

 

5         Change, Variation and Extension to the scope

5.1          If either party wishes to change the scope or execution of the Services and/or Deliverables, it shall submit details of the requested change to the other in writing.

5.2          If the Client requests a change to the scope or execution of the Services and/or Deliverables:

  • the Supplier shall, within a reasonable time (and in any event not more than five Working Days after receipt of the Client’s request), provide a written estimate to the Client of:
    • the likely time required to implement the change;
    • any necessary variations to the Supplier’s charges arising from the change; and
    • any other impact of the change on the terms of the Contract.
  • if the Client does not wish to proceed, there shall be no change to the Contract; and
  • if the Client wishes the Supplier to proceed with the change, the Supplier shall do so after written agreement on the necessary variations to its charges, the Services, the Deliverables and any other relevant terms of the Contract to take account of the change and the Contract shall be varied in accordance with Condition 13.

5.3          If the Supplier requests a change to the scope of the Services and/or Deliverables (whereupon to the extent the Supplier deems it appropriate, it shall provide the Client with the information set out at Condition 5.2(a)), the Client shall not unreasonably withhold or delay consent to it.

5.4          In the event that the Client requires an extension and/or variance to the scope of the Services and/or Deliverables (whether requested by the Client or reasonably deemed to be necessary by the Supplier) and due to time constraints or other factors, it is impractical for the procedure set out Condition 5.2 to be followed then, upon acceptance (whether by communicating such acceptance or by commencing its performance) of such extension by the Supplier the Contract shall be varied in accordance with Condition 15 and the Supplier’s standard rates as set out in the Quotation shall apply in respect of the additional Services and/or Deliverables.

6         Charges and payment

6.1          Invoices will be raised as agreed and/or at appropriate intervals. For the avoidance of doubt, Invoices will be addressed to the Client (the entity to whom the Quotation was addressed) who will be responsible for Payment under the Contract. For the avoidance of doubt, changes to the Client cannot be made without the Suppliers express permission and the provision of a new Quotation, after work has commenced in accordance with the Quotation or after an invoice has been raised.

6.2          Subject to Conditions 6.3 and 6.4, the total price for the provision of the Services and delivery of the Deliverables shall be the amount set out in the Quotation as amended in accordance with any scope extension, variance or changes as set out in Condition 5. The supplier will amend the Invoice and/or reissue an invoice to reflect any errors or omissions as appropriate in the Quotation.

6.3          Unless otherwise stated the Supplier’s charges exclude the cost of hotels, subsistence, travelling and any other ancillary expenses reasonably and properly incurred by the Supplier in connection with the Services and/or Deliverables, and the costs of any materials or services reasonably and properly provided by third parties that are required by the Supplier for the supply of the Services and/or Deliverables.  Such expenses, materials and third-party services shall be invoiced by the Supplier at cost price plus an administration charge of 5% of the total amount provided they have been agreed in advance with the Client.

 

6.4          The Supplier may at any time:

  • withdraw any discount from its normal prices; and
  • revise prices to take account of increases in costs including, without limitation, the cost of any goods, raw materials, transport, labour or overheads, the increase or imposition of any tax, duty or other levy and any variation in exchange rates; and
  • revise prices to take account of increases in costs resulting from unforeseen circumstances (including unforeseen technical difficulties with respect to the Services, difficulties with extracting data from network or email servers, the nature of the work (including value), time spent, urgency, a greater number of Exhibits being the subject of the Services than was contemplated in the Quotation and/or increases in the data size contemplated in the Quotation and the other factors which may also be taken into consideration when arriving at our fees) and/or an extension of the scope of Services and/or Deliverables in accordance with Condition 5.

6.5          The Supplier shall (if applicable) add to the price for the Services, and the Client shall pay an amount equal to any VAT or other sales tax or duty applicable from time to time to the sale or supply of such Services.

6.6          Without Prejudice to condition 6.8, the supplier reserves the right to raise an administration invoice to the Supplier for late payment of invoices. The administration fee will be notified to the Client in advance but, in any event, will not be less then £50.

6.7          The Client is not entitled to withhold payment of any amount due to the Supplier by way of any set-off or counterclaim.

6.8          If the Client fails to pay any amount due to the Supplier under any Contract on the due date, notwithstanding the provisions of Condition 6.8, the Supplier reserves the right to add interest to such amount at the rate of 8% over the base rate for the time being of The Bank of England for the period from the due date until and including the date of receipt (whether before or after judgment).

6.9          Without prejudice to the Supplier’s other rights and remedies, if the Client fails to pay any amount due to the Supplier under any Contract on the due date, the Supplier shall be entitled, upon notification to the Client, to remove the Client’s data (and Exhibits) and destroy or permanently erase the same.

6.10       The Supplier reserves the right to alter or withdraw at any time any credit allowed to the Client.

6.11       The Supplier may offset any amount owing to it from the Client against any amount owed to the Client by the Supplier.

7         Quality of Services

7.1          The Supplier warrants that the Services will be performed (and the Deliverables provided) with reasonable care and skill and that the Services will for a period of 30 days from performance substantially conform with any descriptions and specifications provided to the Client by the Supplier.

7.2          The warranties in Condition 7.1 are given on the following conditions:

  • the Supplier is not liable for any defect in the Services (or Deliverables) caused by any act, neglect or default of the Client or a third party; and
  • the Supplier is not liable for a defect in the Services (or Deliverables) unless it is notified to the Supplier in writing within 7 Working Days of the date of performance or, if the defect would not be apparent upon reasonable inspection, within 60 days of the date of performance.

7.3          The Supplier is not liable for non-performance of any Services unless the Client notifies the Supplier of the claim within 7 Working Days of the date of the alleged non-performance.

8         Intellectual Property Rights

8.1          The Supplier acquires title in and to all of the Intellectual Property Rights arising as a result of the Supplier performing the Services along with all other rights in and to the products of the Services (including the Deliverables) (“Services IPR”).  Subject to receipt by the Supplier of payment in full of all amounts due under the Contract and subject to Condition 11, the Supplier hereby grants to the Client a perpetual, non-exclusive, non-transferable right to use the Services IPR solely for the purpose of receiving the benefit of the Services. For the avoidance of doubt this refers to the processes themselves and not the data.

8.2          Save for the rights granted pursuant to Condition 8.1, the Client shall not acquire any right, title, and/or interest in and to the Services IPR whether by virtue of the Contract or otherwise.

9         Exclusion of Liability

9.1          The Supplier does not exclude its liability (if any) to the Client:

  • for breach of the Supplier’s obligations arising under section 12 Sale of Goods Act 1979 or section 2 Sale and Supply of Goods and Services Act 1982;
  • for personal injury or death resulting from the Supplier’s negligence;
  • for any matter which it would be illegal for the Supplier to exclude or to attempt to exclude its liability; or
  • for fraud.

9.2          Except as provided in Condition 9.1, the Supplier will be under no liability to the Client or any 3rd party whatsoever (whether in contract, tort (including negligence), breach of statutory duty, restriction or otherwise), for any of the following losses or damages whether direct, indirect or consequential:

  • pure economic loss;
  • Consequential loss;
  • loss of actual or anticipated profits;
  • loss of anticipated savings;
  • loss of business;
  • Loss of goods;
  • Loss of use;
  • Loss of contract;
  • Loss caused due to use by the Supplier of Exhibits;
  • Loss or corruption of data or information;
  • loss caused by viruses, trojans, worms, logic bombs, denial of service attack or other material that is malicious or technologically harmful;
  • Loss caused by a GDPR breach in Family and Children court proceedings, where the Ultimate Client as data controller has released personal identifiable information in contravention of current legislation.
  • depletion of goodwill and like loss; and
  • injury to reputation, howsoever caused arising out of or in connection with:
  1. any of the Services or Deliverables, or the manufacture or sale or supply, or failure or delay in supply, of any of the Services or Deliverables by the Supplier or on the part of the Supplier’s personnel, agents or sub-contractors;

 

  1. any breach by the Supplier of any terms of the Contract; or

 

  • any statement made or not made, or advice given or not given, by or on behalf of the Supplier, or otherwise in connection with the Services or Deliverables.

 

9.3          Except as set out in Condition 9.1, the Supplier hereby excludes to the fullest extent permissible in law, all conditions, warranties and stipulations, express (other than those set out in these Conditions) or implied, statutory, customary or otherwise which, but for such exclusion, would or might subsist in favour of the Client.

9.4          Each of the Supplier’s personnel, agents and sub-contractors may rely upon and enforce the exclusions and restrictions of liability in Conditions 9.2 and 9.3 in that person’s own name and for that person’s own benefit, as if the words “its personnel, agents and sub-contractors” followed the word “Supplier” wherever it appears in those Conditions.

9.5          Subject to Conditions 9.1 and 9.2, the entire liability of the Supplier arising out of or in connection with the Contract or supply, non supply or delay in supplying any of the Services or Deliverables, or otherwise in connection with the Services or Deliverables, whether in contract, tort (including negligence or breach of statutory duty) or otherwise, is limited to the price of the Contract.

9.6          The Client acknowledges that the above provisions in Conditions 9.1 to 9.5 and this Condition 9.6 are reasonable and reflected in the price which would be higher without those provisions, and the Client will accept such risk and/or insure accordingly.

10    Confidentiality

10.1       During the term of the Contract and after termination or expiry of the Contract for any reason, the Receiving Party:

  • shall not use Confidential Information of the Disclosing Party for any purpose other than for the performance of its obligations under the Contract;
  • shall not disclose Confidential Information of the Disclosing Party to any person except with the prior written consent of the Disclosing Party or in accordance with Condition 10.3; and
  • shall make every effort to prevent the use or disclosure of Confidential Information of the Disclosing Party.

10.2       During the term of the Contract, the Receiving Party may disclose Confidential Information of the Disclosing Party to any of its directors, other officers, employees, sub-contractors and Clients (“Recipient”) to the extent that disclosure is necessary for the purpose of the Contract and provided that such persons are placed under written obligations of confidentiality equivalent to those contained in this Condition 10 (save that any Recipient shall not be entitled to further disclose any Confidential Information of the Disclosing Party unless it is required to be disclosed by law or unless the Disclosing Party expressly agrees to such disclosure).

10.3       Condition 10.2 does not apply to Confidential Information which:

  • is at the date that the Contract is formed or becomes at any time after that date publicly known other than by the Receiving Party’s or Recipient’s breach of the Contract;
  • can be shown by the Receiving Party to the Disclosing Party’s reasonable satisfaction to have been known by the Receiving Party before disclosure by the Disclosing Party to the Receiving Party;
  • is or becomes available to the Receiving Party or a Recipient otherwise than pursuant to the Contract and free of any restrictions as to its use or disclosure; and
  • is required to be disclosed by law, but then only to the extent so required.
  • is required to be disclosed to regulatory bodies as part of the organisation’s ongoing accreditations and certifications.

11    Termination

11.1       Without prejudice to any other rights or remedies which may arise, the Supplier may terminate the Contract immediately on giving notice if:

  • the Client commits a material breach of any of the terms of the Contract and, where the breach is remediable, fails to remedy that breach within 14 days of being notified in writing of the breach; or
  • an order is made, or a resolution is passed for the winding up of the Client, or circumstances arise which entitle a court of competent jurisdiction to make a winding up order of the Client; or
  • an order is made for the appointment of an administrator to manage the affairs, business and property of the Client, or documents are filed with a court of competent jurisdiction for the appointment of an administrator of the Client, or notice of intention to appoint an administrator is given by the Client or its directors or by a qualifying floating charge holder (as defined in paragraph 14 of Schedule B1 to the Insolvency Act 1986); or
  • a receiver is appointed of any of the assets of the Client or undertaking, or circumstances arise which entitle a court of competent jurisdiction or a creditor to appoint a receiver or manager of the Client, or if any other person takes possession of or sells the assets of the Client; or
  • the Client makes any arrangement or composition with its creditors, or makes an application to a court of competent jurisdiction for the protection of its creditors in any way; or
  • the Client ceases, or threatens to cease, to trade; or
  • the Client suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;or
  • the Client takes or suffers any similar or analogous action in any jurisdiction in consequence of debt; or
  • there is a change of control of the Client (as defined in section 574 of the Capital Allowances Act 2001).

11.2       On termination of a Contract for any reason, any indebtedness of the Client to the Supplier pursuant to that Contract shall become immediately due and payable and the Supplier is relieved of any further obligations to the Client pursuant to that Contract.

11.3       Any provision of this agreement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of this agreement shall remain in full force and effect.

11.4       Termination of the Contract, however it arises, shall not affect or prejudice the accrued rights of the parties as at termination or the continuation of any provision expressly stated to survive, or implicitly surviving termination. For the avoidance of doubt, upon termination of the Contract the licence granted pursuant to Condition 8.1 shall terminate.

12    Erasing of Data

12.1       The Supplier will ensure, as far as is reasonably practicable, that all data from it’s normal operating systems, including any independent archives, is securely erased and irretrievable. The supplier is not able to erase data from media that is used for the purposes of its Infrastructure backup and disaster recovery purposes. As these archives are superseded, previous archives will be securely erased and ultimately the data will be securely erased.

13    Marketing and Public Relations

13.1       Without prejudice to condition 10, the Supplier reserves the right to use generic and appropriately sanitised references to the services it has supplied in its Marketing and Public Relations collateral.

14    Force Majeure

14.1       The Supplier shall not be deemed to be in breach of the Contract or otherwise liable to the Client in any manner whatsoever for any failure or delay in performing its obligations under the Contract due to Force Majeure.

15    Employment Restriction

15.1       During the term of this agreement (including any renewals and extensions) and for a period of one year after it’s termination (for whatever reason) the Ultimate Client will not solicit or hire either directly or through any associated company, firm or person any personnel of the supplier engaged in the performance of this agreement at any time during the previous twelve months.  If the Ultimate Client is in breach of this condition, the Ultimate Client, recognising that the supplier will suffer substantial damage, will pay to the supplier by way of liquidated damages (and not as penalty) a sum equal to the annual salary for the immediately preceding twelve months of the person concerned.

15.2  During the term of this agreement (including any renewals and extensions) and for a period of one year after it’s termination (for whatever reason) the supplier will not solicit or hire either directly or through any associated company, firm or person any named contact of the Ultimate Client who had been named at any time during the previous twelve months.  If the supplier is in breach of this condition, the supplier, recognising that the Ultimate Client will suffer substantial damage, will pay to the Ultimate Client by way of liquidated damages (and not as penalty) a sum equal to the annual salary for the immediately preceding twelve months of the person concerned.

16    Variation

16.1       Subject to Condition 5, no variation of a Contract and/or these Conditions shall be valid unless it is in writing and signed by or on behalf of each of the parties.

17    Waiver

17.1       A waiver of any right under a Contract is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and the circumstances for which it is given.

17.2       Unless specifically provided otherwise, rights arising under a Contract are cumulative and do not exclude rights provided by law.

17.3       No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

18    Assignment and sub-contracting

18.1       The Client shall not, without the prior written consent of the Supplier, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under any Contract.

18.2       The Supplier is entitled at any time to assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights under any Contract and may sub-contract or delegate in any matter any or all of its obligations under any Contract.

19    No partnership or agency

19.1       Nothing in a Contract is intended to, or shall operate to, create a partnership between the parties, or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

20    Rights of third parties

20.1       Subject to Condition 9.4, a person who is not a party to a Contract shall have no rights under the Contract (Rights of Third Parties) Act 1999 to enforce any terms of such Contract.

21    Invalidity

21.1       If any Condition is held by any court, tribunal or administrative body of competent jurisdiction to be wholly or partly illegal, invalid or unenforceable in any respect then this shall not affect any other Conditions of the Contract, which shall remain in full force and effect.

22    Whole Agreement

22.1       These Conditions and any Contract constitute the whole agreement between the parties relating to the subject matter they cover and supersede any arrangements, understanding or previous agreements between the parties relating to such subject matter.

22.2       Each party acknowledges that in entering into these Conditions and any Contract (including the appropriate Quotation) it does not rely on any representation or warranty (whether made innocently or negligently) that is not set out in these Conditions and any Contract (including the appropriate Quotation). Each party agrees that its only liability in respect of those representations and warranties that are set out in these Conditions and any Contract (including the appropriate Quotation) (whether innocently or negligently) shall be for breach of contract.

22.3       Nothing in this Condition shall limit or exclude any liability for fraud.

23    Notices

23.1       Notice given under the Contract shall be in writing, and sent to the registered office of the other party (or such other address, or person as the relevant party may notify to the other party) and shall be delivered personally, or email, or sent by pre-paid, first-class post or recorded delivery.  A notice is deemed to have been received, if delivered personally, at the time of delivery, in the case of email, at the time of transmission, in the case of pre-paid first class post or recorded delivery, 48 hours from the date of posting and, if deemed receipt under this Condition 23 is not within business hours (meaning 9.00am to 5.00pm Monday to Friday on a day that is a Working Day), at 9.00am on the first Working Day following delivery.  To prove service, it is sufficient to prove that the notice, in the case of post, that the envelope containing the notice was properly addressed and posted.

24    Governing law and jurisdiction

24.1       The Contract and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), shall be governed by, and construed in accordance with English law.

24.2       The parties irrevocably agree to submit to the exclusive jurisdiction of the courts of England and Wales.

 

PRODUCT SPECIFIC TERMS & CONDITIONS (IN ADDITION TO STANDARD TERMS AND CONDITIONS)

SCHEDULE 4 – CYBER INCIDENT RESPONSE & CYBER CONSULTANCY SERVICES

  • Client Obligations

1.1      The Client consents to a credit check being carried out to assess their credit worthiness.

1.2      To provide or facilitate the provision of Exhibits and data; and warrant that they and the Ultimate Client (“Ultimate Client”) have the lawful and legal right to provide or grant access to the Exhibits and data for the purposes of this or any other Contract.

 

  • Fees & Payment

2.1      The Client shall make all payments due to the Supplier under any Contract immediately upon receipt of the relevant invoice. For the avoidance of doubt, the Client shall be responsible for all payments to the Supplier, regardless of the Client’s arrangements with its Ultimate Client.

2.2      In the event that the credit check does not support suitable credit worthiness then payment will need to be made in full before work commences.

2.3      Where a client is charged a retainer for Cyber Incident response services and the client no longer requires the services (whether in accordance with its Ultimate Clients’ instructions or otherwise)       no refund is applicable.

2.4      In the event that the Supplier has commenced the provision of the Cyber Consultancy Services and subsequently the Client no longer requires the Services (whether in accordance with its Ultimate Clients’ instructions or otherwise), the Client shall inform the Supplier of this in writing as soon as possible and the Client shall be liable to pay the greater of 50% of the total price of the Services or the price payable for the Services provided by the Supplier to the Client as at the date the Client notifies the Supplier in writing that it no longer requires the Services.

2.5      Without prejudice to Condition 3.1, time of payment is of the essence of each Contract and the Supplier reserves the right to suspend the provision of Services and delivery of Deliverables to the Client where any amounts are overdue under any Contract until all such amounts have been paid in full.

2.6      Without prejudice to the Supplier’s other rights and remedies, if the Client fails to pay any amount due to the Supplier under any Contract 30 days after the due date, the Supplier shall be entitled, upon notification to the Client, to remove the Client’s data (and Exhibits) and destroy or permanently erase the same.

 

  • Termination
    • Without prejudice to any other rights or remedies which may arise, either party may terminate the Contract without liability to the other (save for the Client’s liability to the Supplier as set out in clause 2.3 and 2.4) on giving the other party not less than one months’ written notice.

3.2      On termination of a Contract for non-payment, the Supplier shall be entitled, upon written notification to the Client with 30 days’ notice, to remove the Client’s data (and Exhibits) and destroy or permanently erase the same.

 

  • Data Retention

4.1     The Client accepts the return of any exhibits within CYFOR’s property, where legally permissible, within thirty days of being served an expert witness report. Retention of exhibits for a period of greater than 30 days may incur a charge which is payable by the Client

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

APPENDIX 1

DATA PROTECTION TERMS

  1. DEFINITIONS AND INTERPRETATION

1.1.        For the purpose of this Appendix 1, the following terms have the meanings ascribed to them (and are in addition to the definitions at condition 1.1):

Data Controller”, “Data Processor”, “Data Subject“, “Personal Data” and “Processing” shall have the same meanings as are assigned to those terms in the Data Protection Act 2018 (the “Act”);

Data Processing Terms” means the terms in this Appendix;

“Data Protection Legislation” means any and all data protection and / or privacy legislation, regulation and binding codes of practice applicable to the parties in the United Kingdom from time to time, including without limitation the Act, the UK GDPR (as defined in section 205(4) of the Data Protection Act 2018), and the Privacy and Electronic Communications (EC Directive) Regulations 2003 as it has effects in the UK, each as amended, supplemented and replaced from time to time;

Personal Data” shall have the meaning ascribed to it in the Act, and includes Special Categories of Personal Data as defined therein;

Staff” means any employee, worker or other individual or body corporate as the case may be which the Supplier uses or engages to supply, or in relation to, the Services.

  1. PARTIES’ ROLES UNDER THE ACT AND APPLICATION OF THESE CONDITIONS

2.1.        The parties agree that, in respect of Personal Data which are provided to the Supplier by the Ultimate Client pursuant to the Contract, then, for the purposes of the Data Processing Terms, the Ultimate Client is deemed to be the Data Controller and the Supplier is deemed to be the Data Processor.

2.2.        These Data Processing Terms shall apply to all Personal Data provided by the Ultimate Client to the Supplier under the Contract.

2.3.        The Supplier shall comply with the Act and Regulations to the extent that they are applicable to the Services provided by the Supplier.

  1. OBLIGATIONS OF THE DATA PROCESSOR

3.1.        The Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under the Contract:

(a)          process that Personal Data only on the written instructions of the Client unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process the Personal Data (Applicable Data Processing Laws). Where the Supplier is relying on Applicable Data Processing Laws, the Supplier shall promptly notify the Client of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit the Supplier from so notifying the Client;

(b)          ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Personal Data, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

(c)          ensure that all personnel who have access to and/or process the Personal Data are obliged to keep the Personal Data confidential; and

(d)          only transfer Personal Data outside of the European Economic Area (EEA) where the following conditions are fulfilled:

(i) the Client or the Supplier has provided appropriate safeguards in relation to the transfer;

(ii) the Data Subject (as defined in the Data Protection Legislation) has enforceable rights and effective legal remedies;

(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any of the Personal Data that is transferred; and

(iv) the Supplier complies with reasonable instructions notified to it in advance by the Client with respect to the processing of the Personal Data;

(e)          ensure that all its computers and portable electronic devices (including laptops, tablets, smart phones and USB sticks) that will be used for storing, sending and receiving the Personal Data are appropriately protected against unauthorised use by encryption/passwords and appropriate firewalls/anti-virus packages (with regular and frequent updates being applied) and are physically stored securely when not in use;

(f)            ensure that Personal Data transported by portable storage media or by telecommunications network shall be fully encrypted or password protected or sent by a secure virtual private network (“VPN”) as appropriate and all such data must be wiped from the storage media used for transporting the data or destroyed such that it cannot be recovered once the data has been transferred to the target system;

(g)           ensure that the data centre premises on which Personal Data are stored are ISO27001 compliant and compliant with other appropriate security and audit standards throughout the term of the Contract;

(h)           inform the Client immediately upon becoming aware that Personal Data has been used or Processed in a manner which is not expressly permitted by these Data Processing Terms;

(i)            inform the Client immediately upon becoming aware of any actual or suspected, threatened or ‘near miss’ incident of accidental or unlawful destruction or accidental loss, alteration, unauthorised or accidental disclosure of or access to the Personal Data or other data security breach in relation to the Personal Data, or if the Personal Data is lost (temporarily or permanently) or has the potential to be misused in any way.

3.2.        Notwithstanding paragraph 3.1 of this Appendix 1, the Supplier shall:

3.2.1       inform the Client and the Ultimate Client within 2 (two) Working Days in the event that the Supplier receives a request from a Data Subject seeking to exercise their rights under the Act in relation to the Personal Data and not to respond to the Data Subject other than to acknowledge receipt of the request;

3.2.2       assist the Client and the Ultimate Client, at the Clients cost, with all Data Subject information requests which may be received from any Data Subject in relation to any Personal Data; or in complying with any obligations relating to security and consulting with supervisory bodies, providing reasonable prior written notice has been given.

3.2.3       allow its data processing facilities, procedures and documentation to be submitted for scrutiny, inspection or audit by the Client and/or the Ultimate Client in order to ascertain compliance with the terms of these Data Processing Terms within twenty (20) Working Days of such a request from the Client and/or the Ultimate Client and to provide reasonable information assistance and co-operation to the Client and/or the Ultimate Client if this right is exercised. In the event that the Client and/or the Ultimate Client has to come onto premises where the Personal Data is being processed in order to carry out any scrutiny, inspection or audit, the Client and/or the Ultimate Client shall reimburse any reasonable costs directly incurred by the Supplier in permitting the Client and/or the Ultimate Client to exercise their rights under this paragraph. No Client penetration testing or vulnerability scanning is allowed during any Client or Ultimate Client audits as such actions could impact the Supplier’s ability to service other Ultimate Clients; and

3.2.4       ensure that non-authorised persons are prevented from entering areas of its premises where Personal Data is stored and used. Where this is not possible, all visitors must always be escorted.

  1. OBLIGATIONS OF THE DATA CONTROLLER

4.1         The Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and its duly authorised sub-contractors (which the Client hereby acknowledges may be located outside of the EEA) for the duration and purposes of the Contract.

4.2         The Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and its duly authorised sub-contractors (which the Client hereby acknowledges may be located outside of the EEA) for the duration and purposes of the Contract

4.3         The Client acknowledges and agrees that details of the Client’s name, address and payment record may be submitted to a credit reference agency for the purpose of the Supplier establishing the Client’s commercial credibility and to protect the Supplier’s business interests. Such credit search results may be retained by the Supplier for the duration of the provision of the Services

4.4         The Client consents to the Supplier using 3rd party couriers, postal services, document processing and other subcontractors as third-party processors of the Personal Data under the Contract. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor a written agreement incorporating terms which are substantially similar to those set out in this condition. As between the Client and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this condition.

4.5         The Client shall indemnify the Supplier against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other professional costs and expenses) suffered or incurred by the Supplier arising out of or in connection with the breach of this condition by the Clients, its employees or agents and/or the Data Protection Legislation by the Client, its employees or agents

  1. DATA RETENTION POLICY

5.1.        The Supplier shall not retain data for longer than is necessary and shall be in accordance with agreed retention schedules and EU/UK law.

5.2.        The Supplier may be required to comply with any reasonable data retention guidelines as issued by the Client and/or the Ultimate Client and as amended from time to time (additional costs may flow to the Client for non-standard retention, such costs to be agreed in writing by the parties). This may require certain data to be identified for retention and made available to the Client in electronic form by the Supplier and the Supplier shall comply with the same.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

APPENDIX 2

INFORMATION SECURITY TERMS

The Supplier shall:

  • on or before the date on which the Supplier commences providing the Services, provide a copy of the Supplier’s information security policy (and such policy shall include as a minimum an information security breach procedure, details of encryption used and security access controls with regards to user credentials used by its staff) to the Client and shall update and maintain and abide by the such policy throughout the term of the Contract and shall provide to the Client updated versions as and when the same are created;
  • remain throughout the term of the Contract ISO 27001 compliant and shall provide the Services in accordance with such standard at all times;
  • ensure that all subcontractors involved in the provision of the Services adhere to the terms of these Conditions in respect of the obligations to be performed by them as if they were signatories hereto;
  • conduct security testing of its information technology systems used to provide the Services (including but not limited to penetration testing and vulnerability scans) at least once each quarter during the term of the Contract and shall provide a copy of the results of such testing promptly upon completion;
  • as at the date on which the Supplier commences providing the Services, be registered with the Information Commissioner’s Office as a Data Controller (as defined in Appendix 1) and shall update and maintain such registration throughout the term of the Contract;
  • ensure that all hardware assets used in or to support the provision of the Services which are in any way connected to the Client’s or the Ultimate Client’s information technology hardware or network are:
  • listed in an asset register (to be maintained and updated throughout the term of the Contract such updates to occur as a minimum every six months); and
  • virus and malware protected in accordance with good industry practice (to be maintained and updated throughout the term of the Contract, such updates to occur as a minimum quarterly).