1. Confidential Information:
1.1 While working with the Discloser for the Purpose, the Recipient will have access to Confidential Information as defined in paragraph 1.2.
1.2 Subject to clauses 1.3, “Confidential Information” includes all information (however recorded, shared or preserved) disclosed or made available directly or indirectly, by the Discloser or its employees, officers, representatives or advisers to the Recipient including but not limited to:
(a) any information that was expressed to be confidential and / or would be regarded as confidential by a reasonable person relating to areas including but not limited to:
(i) the business, affairs, supporters, advisers, policies, plans, intentions or opportunities of the Discloser;
(ii) any Personal Data (as defined in clause 3), and
(iii) the operations, processes, know-how or strategies of the Discloser;
(b) any information or analysis derived from the Confidential Information; and
(c) any agreements that the Recipient has with the Discloser.
1.3 Confidential information does not include:
(a) any information which is lawfully in, or in future lawfully comes into, the public domain (unless as a result of a breach of this Agreement); or
(b) was lawfully in the possession of the Recipient before the information was disclosed to it by the Discloser, as evidenced by written records; or
(c) the Discloser agrees in writing is not confidential.
2. The obligations:
2.1 The Recipient undertakes:
(a) not to use the Confidential Information for any purpose except the Purpose, without first obtaining the written agreement of the Discloser;
(b) to keep the Confidential Information secure and not to disclose it to any third party, without first obtaining the written agreement of the Discloser;
(c) not to copy, reduce to writing or otherwise record the Confidential Information except as strictly necessary for the Purpose (and any such copies, reductions to writing and records shall be the property of the Discloser); and
(d) to take reasonable measures to ensure that the Confidential Information remains confidential.
2.2 The Recipient may disclose the Confidential Information only to those of its employees and officers who need to know the Confidential Information for the Purpose, provided that:
(a) it informs such employees and officers of the confidential nature of the Confidential Information before disclosure; and
(b) it procures that such employees and officers shall, in relation to any Confidential Information disclosed to them, comply with this Agreement as if they were the Recipient and, if the Discloser so requests, procure that any relevant employee or officer enters into a confidentiality agreement with the Discloser on terms equivalent to those contained in this Agreement,
2.3 The Recipient will, following the end of the work as required to carry out the Purpose or at any time on request from the Discloser, return all copies and records of the Confidential Information to the Discloser and will not retain any copies or records of the Confidential Information.
2.4 Nothing in this Agreement will prevent the Recipient from making any disclosure of the Confidential Information only to the extent required by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the Discloser as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause, it takes into account the reasonable requests of the Discloser in relation to the content of such disclosure.
3. Data protection:
3.1 For the purpose of this clause the following terms shall have the following meanings:
(a) Data Controller: shall have the meaning of ‘controller’ set out in Article 4(7) of the GDPR.
(b) Data Processor: shall have the meaning of ‘data processor’ set out in Article 4(8) of the GDPR.
(c) Data Protection Legislation: means, for such time as they are in force in England and Wales, the DPA, the GDPR and all related legislation which may supplement, amend, implement or replace them and which relates to the protection of individual’s rights in their personal data and the protection of their privacy.
(d) Data Subject: means an individual who is the subject of Personal Data.
(e) DPA: means the Data Protection Act 2018.
(f) EEA: means the European Economic Area and also includes the United Kingdom whether or not it is a member of the European Economic Area.
(g) GDPR: means Regulation (EU) 2016/679 and/or such legislation as may give effect to its terms in England and Wales.
(h) Personal Data: has the meaning set out in Article 4(1) of the GDPR, and for the purposes of this Agreement means Personal Data provided by one party to this Agreement to the other.
(i) Processing and process: have the meaning set out in Article 4(2) of the GDPR and clause 3(4) of the DPA.
3.2 The Discloser and the Recipient acknowledge that for the purposes of Data Protection Legislation, in the event that any Confidential Information contains or consists of Personal Data then the Discloser shall be the Data Controller and Recipient shall be the Data Processor in respect of that Personal Data.
3.3 The Data Processor shall process the Personal Data only in accordance with Data Controller’s instructions from time to time and shall not process the Personal Data for any purpose other than enabling it to engage in the discussions in relation to the Purpose, or for any other purpose which may be expressly authorised by Data Processor.
3.4 Where a party is a Data Processor pursuant to this Agreement it shall take steps to ensure that its employees are informed of their obligations in relation to Personal Data and that they hold and process such information in confidence and in accordance with all relevant Data Protection Legislation.
3.5 Data Protection Warranties:
(a) Each party warrants to the other that it will process the other’s Personal Data in compliance with all applicable Data Protection Legislation.
(b) Where a party to this Agreement becomes a Data Processor pursuant to it, it warrants that:
(i) having regard to the state of the art of technological development, the nature of the processing in question, and the material risk to the rights of affected Data Subjects, the Data Processor shall take appropriate technical and organisational measures to secure relevant Personal Data against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data;
(ii) it will not transfer any Personal Data outside of the EEA without the prior authorisation of the Data Controller;
(iii) it will assist the Data Controller, insofar as possible, in responding to any requests made by any relevant Data Subject which concern the exercise of that Data Subjects rights under the GDPR;
(iv) it shall report to the Data Controller any suspected data breach concerning the Personal Data and shall assist the Data Controller to inform the relevant regulator and affected Data Subjects; and
(v) it shall demonstrate to the Data Controller, to the extent that is reasonable given the nature of the processing in question, that it complies with Data Protection Legislation.
3.6 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations pursuant to this clause 3. In order to avail itself of this indemnity the claiming party must: promptly notify the indemnifier of any relevant claim of which the indemnified party becomes aware; not make any admission of liability or offer to settle in respect of any relevant claim without the prior written permission of the indemnifier; grant the indemnifier full control of all relevant proceedings on request, and; provide the indemnifier with such assistance in dealing with such claims as it may reasonably request.
3.7 The Data Processor may not authorise any third party to process Personal Data provided by the Data Controller without first receiving the Data Controller’s written and explicit permission to do so.
3.8 Extent of Data Controller’s rights
(a) In relation to its rights under this Agreement, the Discloser in its capacity as Data Controller will have at least equal rights in relation to the treatment, disposal or otherwise of any Personal Data that it would have in its capacity as Discloser for Confidential Information, subject to the following:
(i) where the Discloser in its capacity as Data Controller has more extensive rights under this clause 3 than the rights provided elsewhere in this Agreement, then any conflicting right in this clause shall prevail; and
(ii) this clause 3 shall not prohibit or limit the exercise of any additional or more extensive statutory right that the Data Controller may come to possess under Data Protection Legislation, and where available the Data Processor irrevocably agrees that the Data Controller may (without limitation) exercise the full extent of its rights.
4. Rights, remedies and Indemnities:
4.1 The Recipient acknowledges that damages alone would not be an adequate remedy for the breach of any of the provisions of this Agreement. Accordingly, without prejudice to any other rights and remedies it may have, the Discloser shall be entitled to the granting of equitable relief (including without limitation injunctive relief) concerning any threatened or actual breach of any of the provisions of this Agreement, without any obligation on the Discloser to demonstrate that it is at any risk of suffering substantial, or any, harm as a result of that breach.
4.2 The Recipient shall indemnify and keep fully indemnified the Discloser at all times against all liabilities, costs (including legal costs on an indemnity basis), expenses, damages and losses including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and other costs and expenses suffered or incurred by the Discloser arising from any breach of this Agreement by the Recipient.
4.3 Failure to exercise, or any delay in exercising, any right or remedy provided under this Agreement or by law shall not constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict any further exercise of that or any other right or remedy.
4.4 No single or partial exercise of any right or remedy provided under this Agreement or by law shall preclude or restrict the further exercise of that or any other right or remedy.
5. Duration of obligations: The obligations in this Agreement will continue in force from the date of this Agreement or the commencement of the Purpose (whichever is earlier) for as long as any information disclosed by the Discloser to the Recipient remains Confidential Information.
6. Relationship of the parties:
6.1 Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between the parties, constitute any party the agent of the other party, nor authorise any party to make or enter into any commitments for or on behalf of the other party.
6.2 Neither this Agreement nor the supply of any information grants the Recipient any licence, interest or right in respect of any intellectual property rights of the Discloser except the right to use the Confidential Information solely for the agreed Purpose.
7. Rights of third parties: A person who is not a party to this Agreement has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.
8. Severance: If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.
9. Interpretation: Clause headings shall not affect the interpretation of this Agreement.
10. Governing law and jurisdiction:
10.1 This Agreement is governed by the law of England and Wales and any dispute is subject to the exclusive jurisdiction of the Courts and Tribunals of England and Wales; and
10.2 The parties irrevocably agree that the courts of England and Wales are the most appropriate and convenient courts to settle any dispute or claim, and accordingly, no party will argue to the contrary.