STANDARD TERMS AND CONDITIONS
Red Flag Alert Standard Terms and Conditions
1) DEFINITIONS
“Agreement” This agreement for the supply of deliverables to the Client, comprising the order form and these Standard Terms and Conditions.
“Client” The organisation specified in the order form and within the body of this agreement.
“Commencement Date” The commencement date of this Agreement as specified in the order form and these Standard Terms and Conditions.
“Data Controller” As defined in the DP Act. “Data Processor” As defined in the Data Protection Act 2018.
"Deliverable" Any set of RFA Data, data analysis, report or other output, product or service specified in the Order form and these Standard Terms and Conditions as required to be delivered to the Client by Red Flag Alert Technology Group under this Agreement.
“Derived Materials” Any dataset, analysis, report or other output which the Client produces using one or more deliverables or any RFA data, other data or material within a deliverable.
“DP Act” The Data Protection Act 2018 or any subsequent Data Protection Legislation which amends or replaces the Data Protection Act 2018.
“RFA” Red Flag Alert Technology Group.
“RFA Data” Data of which RFA is the Data Controller which is supplied to the Client under the terms of the Agreement unless as specified otherwise within the Data Processing / Sharing Agreements (based on the requirements of the project and any relevant master / servant relationship).
“Insolvency Event”
“Licence End Date” As specified in the order form.
“Order form” The separate document along with the Standards Terms and Conditions that forms part of this Agreement that provides the details of the deliverables to be supplied to the Client.
“Parties” RFA and the Client.
“Payment” The payment(s) to be made by the Client to RFA as specified in the order form.
“Permitted Purposes” The purposes for which the Client is authorised to use the Deliverables as specified in the order form and these Standard Terms and Conditions.
“Personal Data” As defined in the DP Act, provided that for the purposes of this Agreement it shall also be interpreted in accordance with clause 6.2 of this agreement.
“Quality Assurance Process” The current quality assurance process applied by RFA (which includes any relevant audit requirement as specified within the Terms and Conditions) at the time at which the deliverables are produced and provided to the Client.
“Standard Terms and Conditions” The terms and conditions for supply of the deliverables to the Client which are set out in this agreement and incorporate any applicable order form. References in this Agreement to “clauses” are to the numbered clauses within the Standard Terms and Conditions.
“Term” The period between the Commencement Date and the later of:
1. The date on which the final Deliverable is delivered to the Client; or
2. The latest Licence End Date specified in the order form and these Standard Terms and Conditions
“Termination Date” The Licence End Date or any earlier date on which termination takes effect if the Agreement is terminated in accordance with clause 9 and 10.
“Working Day” Any day which is not a Saturday, a Sunday or a public holiday or bank holiday in England or Wales.
2 DURATION
2.1 Any Agreement incorporating all of the Terms shall commence on the Commencement Date and end on the expiry of the Term, subject to any decided upon earlier termination in accordance with clause 10 if these Terms and Conditions (the earlier of these dates being the “Termination Date”).
3 PAYMENT
3.1 The Client must pay each undisputed invoice for Fees in full and cleared funds, by direct debit or relevant instalment (without deduction or set-off) within 14 days of the invoice date, unless otherwise agreed in writing by the Supplier or specified in this Agreement and/or Service Specification. If the Client pays by direct debit, the details of such payments will be set forth in the Agreement and/or Service Specification, as applicable. If the order form states that the Payment will be made in instalments, the Client must pay these on the basis and frequency specified.
3.2 The Supplier shall invoice the Fees in accordance with the payment intervals stated in this Agreement and/or Service Specification invoice terms apply:
3.3 If payment is not successfully settled in accordance with those agreed terms detailed within the order form, RFA retains the right to either:
3.4 Where the Client misses two or more payments to RFA, all amounts payable under this Agreement shall be paid in full.
3.5 The Client shall not be able to dispute any amounts which have been paid by the Client after a period of three (3) months has elapsed from the date of invoice.
3.6 The Supplier is not obligated to provide any of the Services or deliver any Products while any duly issued invoice(s) under this Agreement and/or Service Specification remain unpaid; however, if the Supplier chooses to continue doing so, this shall not be construed as a waiver of the Supplier's rights or remedies.
3.7 Fees relating to the provision of Services and delivery of agreed Products shall increase on an annual basis with effect on a date determined by the Supplier (each such period being within or on a “Service Year”) in line with the percentage increase in the Retail Prices Index in the preceding 12-month period.
3.8 The Supplier maintains the right to increase the Fees on a yearly basis, in accordance with this clause 3.8 and 3.7, with 30 days' notice to the Client. If the Client does not agree to this increase, they may terminate this Agreement with 30 days written notice of the determined end date of the agreement and prior to the price increase taking effect. If the Supplier does not receive written notice within thirty (30) days, the Client is presumed to have agreed to the fee change.
4 SUPPLY OF DELIVERABLES
4.1 RFA will provide the Deliverables to the Client on or after the dates referred to in the order form. RFA will not be liable for any delays in the supply of Deliverables caused by causes beyond RFA’s control.
4.2 RFA shall provide all Deliverables to the Client in the format and to the specification specified in the order form, provided that RFA reserves the right, at its sole discretion, to change the specification and/or provide data in RFA’s standard format if such changes are deemed necessary as a result of any Quality Assurance Process.
4.3 RFA shall notify the Client as soon as is reasonably practical of any decision taken to alter the specification or format of any Deliverables as a result of the Quality Assurance Process.
4.4 The Client acknowledges that the third parties contributing data to RFA determine the content of RFA Data. The Client further acknowledges and accepts that the RFA Data to be delivered under this Agreement will be the data held by RFA at the date of signature of this Agreement and as specified in the order form, where:
4.4.1 It is the Client’s obligation to ensure that the Deliverables are fully described within the order form and are appropriate and sufficient to meet its requirements. There will be no refund or other remedy available to the Client if any component of the Deliverables does not meet the Client’s expectations or needs, or if the Client does not use any of the data, materials, or services included in the Deliverables, provided that the Deliverables have been provided as described in the order form.
4.4.2 The Client is required to conduct its own Legitimate Interest Assessment and / or Data Protection Impact Assessment in line with its legal obligations. Such documents may at times be subject to any audit conducted by or on behalf of RFA with reasonable notice.
5 INTELLECTUAL PROPERTY RIGHTS
5.1 Red Flag Technology Group Ltd owns and retains all intellectual property rights in the Deliverables to the extent that they constitute or contain RFA Data, as well as all intellectual property rights in any database including any RFA Data compiled by RFA. The Client agrees that RFA Data and related databases are protected by the Copyright Rights in Databases Regulations 1997. (see appendix 1)
5.2 In exchange for the Client making the Payment to RFA as specified in clause 3 and subject to this Agreement, RFA grants the Client a non-exclusive, non-transferable licence to receive and use the RFA Data in the Deliverables as specified in the order form and these Standard Terms and Conditions for the Permitted Purposes during the relevant Licence Period.
5.3 To the extent that RFA is the author of any Deliverables, it hereby asserts its and/or RFA’s right to be identified as the author of such materials in accordance with Section 78(2) of the Copyright, Designs and Patents Act 1988, where the Deliverable or any part thereof is reproduced in its original form.
5.4 In relation to the content of any Deliverable not covered by clause 5.1, RFA acknowledges the Client’s right to use and reproduce the Deliverable for the Permitted Purposes in exchange for the Client making the Payment to RFA in accordance with clause 3 and subject to clause 5.3 and the remainder of this Agreement, subject to the limitations in clause 6, 13 and 14 of these Standard Terms and Conditions.
6 DATA PROTECTION AND DATA SECURITY – GENERAL CONDITIONS
Please refer to the Data Processing Addendum (Controller) which defines the responsibilities and obligations placed upon the Parties and which may be found at https://www.redflagalert.com/data-processing-addendum-controller-processor
6.1 Each party recognises the importance of appropriately managing data security and risks associated with data use, both to protect the rights of individual data subjects and to avoid reputational, relationship, and commercial risks to RFA arising from any perceived breach or inadequacy in the protection and security of data collected by RFA, which could impede RFA and their customers’ ability to access data in the future.
6.2 Each party agrees that where the order form and these Standard Terms and Conditions identifies any deliverable or RFA data as Personal Data, such deliverables or RFA data shall be treated as personal data as defined in the DP Act and as subject to this clause 6, regardless of whether either party believes that identification of any particular individual from that Data by the Client or any other person is possible or likely. The term “Personal Data” must be interpreted accordingly in this Agreement.
6.3 Each party agrees that in connection with the provision or use of the Deliverables (as appropriate) it will at all times:
6.3.1 comply with the DP Act including without limitation (to the extent relevant) the obligations as to registration as a Data Controller and the data protection principles set out in the DP Act;
6.3.2 fully co-operate with each other to enable the other party to comply with the DP Act.
6.4 In particular and, without prejudice to the generality of clause 6.3, the Client shall:
6.4.1. fully co-operate with RFA as reasonably required to ensure RFA’s compliance with the DP Act;
6.4.2. in connection with any personal data or sensitive personal data within the deliverables, notify RFA immediately if it receives any of the following, and in any event assist RFA in complying with or responding to:
6.4.2.1 requests for subject access from data subjects
6.4.2.2 an information notice, or any other notice (including in particular any deregistration, enforcement or transfer prohibition notice) served on the Client by the Information Commissioner
6.4.2.3 any complaints from data subjects; and
6.4.2.4 any investigation of any breach or alleged breach of the DP Act.
6.4.3 ensure that any RFA data it holds is kept strictly confidential and secure, and that appropriate technical and organisational information security and processing procedures are established and maintained. This is to ensure that all data provided in accordance with this Agreement is adequately protected against any unlawful or unauthorised processing, including the disposal or destruction of data or equipment on which data is stored or accessed. In order to ensure the security of the RFA Data, the Client will limit access to personal data or sensitive personal data to a small number of expressly authorised people for the permitted purposes who have obtained adequate data protection and security training.
6.4.4 Without limiting the generality of clause 6.4.3, where the Client completes an information security questionnaire or provides any other written information regarding its information security arrangements at RFA’s request prior to entering into this Agreement, the Client must promptly notify RFA of any changes to the matters covered by the questionnaire or other written information that materially alter the nature or scope of the systems and arrangements for data security. Subject to the results of the questionnaire, the RFA will require the Client to remedy any detected inadequacies within a reasonable time frame (with or without the aid of the RFA) in order to satisfy any audit / questionnaire requirements:
6.4.4.1 RFA shall maintain an audit program to help ensure compliance with the obligations set out in this DPA and shall make available to its Clients information to demonstrate compliance with the obligations set out in the applicable data processing agreement which forms part of these Terms and Conditions and as set forth in this section.
6.4.4.2 Data Protection Impact Assessment. Where identified from the audit, RFA shall provide the client at cost any and all assistance needed to fulfil Client’s obligation under Data Protection Laws and Regulations and to carry out a data protection impact assessment / legitimate interest assessment related to Client’s use of the Services, to the extent the Client does not otherwise have access to the relevant information, and to the extent such information is available to RFA.
6.4.5 promptly report to RFA any circumstance that it becomes aware of which:
6.4.5.1 mean or may mean that clause 6.3.1 or 6.4.3 has not been complied with
6.4.5.2 cause or may cause any party to breach the DP Act as a result of processing carried out in connection with this Agreement; or
6.4.5.3 mean or may mean that there has been unauthorised processing of personal data in connection with this Agreement.
7 INVESTIGATION OF A POTENTIAL BREACH
7.1 The Client shall provide such evidence of its compliance with the obligations under clause 6 and conditions 15 and 16 of these Terms and Conditions as RFA may reasonably request.
7.2 Without limiting the generality of clause 7.1, where the Client reports a matter to RFA under clause 6.4.5 or RFA has reasonable grounds to believe that the Client has or may have breached clause 6,13 or 14 of these Terms and Conditions, the Client shall immediately provide all reasonable co-operation to RFA to enable RFA to determine as far as possible whether the Client has or may have breached clause 6:
7.2.1 whether such a breach has taken place, the scope of any breach and the cause of any breach; and
7.2.2 action which is appropriate for RFA or the Client to take to remedy or mitigate the impact of any such breach.
7.3 Reasonable co-operation under clause 7.2 shall include but not be limited to the provision of documents and information and provision of access to personnel, premises and systems on request within reasonable timescales specified by RFA.
7.4 Without limiting RFA’s rights under clause 10.1, if RFA Services investigates a potential breach under this clause 7 and reasonably determines that a breach of clause 6 or any other applicable conditions in relation to the lawful processing of data has occurred, the Client must promptly take any reasonable steps that RFA specifies to the Client as necessary to remedy or mitigate the impact of the breach.
8 CONFIDENTIALITY AND FREEDOM OF INFORMATION
8.1 In this clause 8, “Confidential Information” refers to secret or confidential commercial, financial, marketing, technical, or other information, including, but not limited to, know-how, trade secrets, operations, plans, intentions, working methods, designs, market opportunities, transactions, affairs, and/or business of the parties and/or their customers, suppliers, or clients, and other information in any form or medium, whether disclosed orally or in writing. “Confidential” denotes that the information is not publicly available, either in its entirety or in the precise arrangement or assembly of its components. The parties shall seek to appropriately identify and label information which each considers to be confidential, but their failure to do so will not in itself mean such information is not Confidential Information.
8.2 Subject to articles 8.3 and 8.4, each party must retain and ensure that all Confidential Information belonging to the other disclosed or obtained as a result of the parties’ relationship under this Agreement be kept secret and confidential. Except for the purposes of the proper performance of this Agreement or with the prior written approval of the other party, neither party shall use nor disclose the same. When disclosure is given to an employee, consultant, or agent, it is subject to the same requirements as set forth in this article. Each party shall ensure that any such employee, consultant, or agent enters into an information security agreement with the other that includes duties similar to those set forth in this section 8. Each party is expected to use all reasonable endeavours to ensure that any such employee, consultant or agent complies with such obligations. Each party shall be responsible to the other in respect of any disclosure or use of such Confidential Information by a person to whom disclosure is made.
8.3 The obligations of confidentiality and other obligations in this clause 8 shall not extend to any matter which the relevant party can show:
8.3.1 is lawfully in, or has become lawfully part of, the public domain other than as a result of a breach of the obligations of confidentiality under this Agreement; or
8.3.2 was independently disclosed to a party to this Agreement by a third party, which, in that receiving party’s reasonable opinion, was legally entitled to disclose the same; or
8.3.3 is required to be disclosed under any applicable law, including a valid request under the Freedom of Information Act 2000, the Freedom of Information (Scotland) Act 2002, the Environmental Information Regulations 2004 or the Environmental Information (Scotland) Regulations 2004, or by order of a court or governmental or regulatory body or authority of competent jurisdiction; or
8.3.4 was known to the receiving party before the information was disclosed to it by the disclosing party.
8.4 This clause applies if the Client is a public authority to which the Environmental Information Regulations 2004, the Environmental Information (Scotland) Regulations 2004, the Freedom of Information Act 2000 or the Freedom of Information (Scotland) Act 2002 applies. If the Client receives a request for disclosure of information under any of this legislation which relates to information about this Agreement or any information which has been provided to the Client by RFA pursuant to this Agreement (whether within a Deliverable or otherwise) the Client shall notify RFA of the request and the Client’s proposed response to the request (including the date on which the Client intends to send its response to the request) within a reasonable period after receipt of the request and before any disclosure is made in response to the request.
8.5 Neither party shall make any public disclosures relating to this Agreement or the subject matter of this Agreement without the express prior written consent of the other party, except for any announcement intended solely for internal distribution or any disclosure required by legal, accounting or regulatory requirements. For the avoidance of doubt, neither party shall use the other party’s name, trademarks, logos or service marks in any advertising, promotion, endorsement or other forms of publicity or promotional material without the express prior written permission of the other party.
8.6 The obligations in this Clause 8 will remain in force notwithstanding termination of this Agreement for any reason.
9.1 Each party warrants and undertakes that it has the capacity and full legal authority to enter into this Agreement, that it has been signed by its duly authorised representative, that the making of this Agreement does not conflict with any of its existing obligations, and that once signed, this Agreement shall constitute its legal, valid, and binding obligations.
9.2 RFA makes no promise as to the quality or correctness of the deliverables. RFA accepts no responsibility for any inferences or conclusions drawn by the Client or, any third party based on the deliverables.
9.2.1 All deliverables are provided on an as-is, as-available basis. RFA does not make, and hereby disclaims, any warranty, express or implied with respect to the deliverables including, but not limited to, the correctness, completeness, currentness, or satisfactory quality, merchantability, or fitness for a particular purpose of the Deliverables or of the media on which the deliverables are delivered.
9.3 The Client promises and undertakes on an ongoing basis that it will comply with the provisions of the DP Act insofar as such provisions apply to it in relation to this Agreement, and that it will ensure that the provisions of the DP Act and the terms of this Agreement are observed by its employees, agents, and contractors.
9.4 Without prejudice to the generality of clause 9.4 and conditions 13 and 13 of these Terms and Conditions, the Client promises and undertakes on a continuing basis that:
9.4.1 it shall use the deliverables, derived materials and RFA data only in accordance with the Data Protection Legislation
9.4.2 in particular, and without limiting the extent of article 9.5.1, where the permitted purposes entails linking RFA data to data from any other source, there is a legal basis for this processing of the other data, and it will not violate the DP Act or any other duty of confidentiality.
9.4.3 where the Client has provided information about its arrangements to ensure security of information at RFA’s request prior to entering into this Agreement, that such information is and continues to be correct and accurate.
9.4.4 it shall use the deliverables, derived materials and RFA data only in accordance with the permitted purposes as agreed.
9.4.5 it has complied with any advice, undertaking or enforcement notice issued to it by the Information Commissioner following:
9.4.5.1 any audit by the Information Commissioner; or
9.4.5.2 any notification of a data security breach or any other breach of the data protection legislation by the Client;
9.4.6 it will not make or permit or pursue any analyses which allow the identification of individuals or, which permit or enable any other person to identify individuals.
9.5 Subject to section 9.6, the Client shall indemnify and keep RFA indemnified against all damages, fees, and expenses incurred by RFA as a result of the Client’s breach of this Agreement.
9.6 Subject to clause 9.8:
9.6.1 RFA has no obligations to the Client other than those specifically stated in this Agreement, whether in contract, tort, violation of statutory duty, or otherwise.;
9.6.2 RFA accepts no liability (however caused) for any loss of profit, business, contracts, revenues, increased costs or expenses, or any indirect or consequential loss occurring under this Agreement or otherwise in connection with any deliverable provided by RFA to the Client.
9.6.3 the maximum liability of RFA to the Client for any loss or damage of any kind arising from this Agreement shall not in any event exceed the lesser of:
9.6.3.1 where the full Payment is less than £10,000: 50% of the Payment and where the full Payment is more than £10,000: the sum of £5,000; or
9.6.3.2 50% of the aggregate amount actually received by RFA from the Client under this Agreement.
9.7 Neither party excludes or limits its liability to the other party for:
9.7.1 fraud or fraudulent misrepresentation;
9.7.2 death or personal injury caused by negligence;
9.7.3 a breach of any obligations implied by section 12 of the Sale of Goods Act 1979 or section 2 of the Supply of Goods and Services Act 1982 or subsequent legislation which replaces these provisions; or
9.7.4 any matter for which it would be unlawful for the parties to exclude liability.
9.8 Without limiting RFA’s other rights or remedies, the Client acknowledges and agrees that monetary damages would be an inadequate remedy for any breach of this Agreement’s provisions, and RFA shall be entitled to injunction, specific performance, and other equitable relief for any threatened or actual breach of this Agreement’s provisions by the Client.
9.9 The Client and RFA shall always maintain adequate insurance coverage for its liabilities and potential liabilities under this Agreement, including professional indemnity cover, employer’s liability cover, and public liability cover, to the extent that these are relevant and appropriate in light of the Client’s activities and the Permitted Purposes. RFA may legitimately request that the Client supply RFA with evidence of compliance with this paragraph 9.9.
10 TERMINATION
10.1 This Agreement shall commence on the Effective Date and shall continue in force for the Term unless terminated earlier in accordance with this Clause 10.
10.2 RFA may without liability terminate this Agreement immediately by written notice to the Client if:
10.2.1 RFA determines, in its own absolute discretion, that the Client is in material breach of any of its obligations under this Agreement. For the avoidance of doubt, any breach of clauses 3, 6.2 to 6.4, 7.2 to 7.4 or 8.2 or conditions 13 and 14 of these Terms and Conditions will always be a material breach; where such breach is capable of remedy, it is not remedied within thirty (30) days of receipt of notice from the non-defaulting party giving details of the breach and the steps required to remedy the breach; or
10.2.2 RFA finds, in its sole discretion, that the Client is or has acted in a manner that is or has been seriously averse to RFA’s goodwill and reputation, or to the harm of RFA’s relationship with external institutions, regulators, or representative organisations.; or
10.2.3 RFA is unable to supply the Services to the Client within 14 days of the Commencement Date; or
10.2.4 an Insolvency Event occurs in relation to the Client; or
10.2.5 the Client ceases, or threatens to cease, to carry out business; or
10.2.6 RFA has a reasonable belief that any of the events listed in clauses 10.1.1 to RFA will occur if RFA is in significant violation of its duties to the Client under this Agreement.
10.3 Clauses 3, 5, 6, 7, 8, 9, 11 and this clause 10 and conditions 13 and 14 of these Terms and Conditions shall survive termination expiration of this Agreement.
10.4 Termination and Payment. Either party may terminate this Agreement at the end of any Contract Year by providing the other party with a minimum of ninety (90) days’ written notice. In the absence of valid notice, this Agreement shall continue into the next Contract Year unless terminated otherwise in accordance with the terms of this Agreement. Otherwise, termination mutually agreed to by both parties or expiration of this Agreement, the Client shall pay all unpaid and outstanding fees through the effective date of termination or expiration of this Agreement.
10.5 In the event that the client terminates the Agreement prior to the renewal or initial term anniversary, and without the mutual agreement of RFA, the Client will be liable for the remainder of the “Term”.
10.6 Termination shall be without prejudice to the parties’ rights accrued up to the Termination Date, provided that all payments due from the Client to RFA shall become immediately payable upon the Termination Date.
10.7 Termination or expiration of this Agreement shall not release either party from any obligation or liability incurred prior to the date of termination or expiry.
10.8 Termination or expiry of this Agreement for any reason shall not terminate any rights, liabilities or obligations set forth in this Agreement which by their nature or context would be or are intended to survive and be applicable following such termination or expiry.
11 NOTICES
11.1 Any notice to be given pursuant to this Agreement:
11.1.1 shall be in writing; and
11.1.2 shall be delivered by hand or sent by first class post, recorded delivery or by commercial courier to the party due to receive such notice at its address set out in the SOW or such other address or addressee as any party may notify to the other from time to time:
11.1.3 In the absence of evidence of earlier receipt any such notice shall be deemed to have been given or received:
11.1.3.1 if delivered by hand, when delivered; or
11.1.3.2 on the second business day following the day of sending if sent by post or recorded delivery; or
11.1.3.3 on the date and at the time that the courier’s delivery receipt is signed if sent by commercial courier.
12 FORCE MAJEURE
Neither party shall be liable to the other in respect of anything which, apart from this provision, may constitute a breach of this Agreement arising by reason of force majeure, namely circumstances beyond the control of either party which shall include (but shall not be limited to) acts of God, perils of the sea or air, fire, flood, drought, explosion, sabotage, accident, embargo, riot, civil commotion or civil authority, including acts of local government and parliamentary authority and if such force majeure causes delay or failure that continues for at least thirty (30) consecutive days, the party not subject to the event of force majeure shall be entitled to terminate this Agreement by notice in writing to the other.
13 USE OF DELIVERABLES AND DERIVED MATERIALS:
GENERAL PROVISIONS:
This Condition sets out the important rules which apply to your use of RFA data. Please read them carefully in full. It is particularly important that you understand the fundamental conditions on use of data relating to individuals.
In summary, these are: RFA data relating to individuals must:
13.1 For the avoidance of doubt, references in this condition and in the permitted purposes to the use of deliverables or derived materials include the use or reproduction of any part thereof and the use or reproduction of any RFA Data within deliverables and derived materials. “Use” includes any action which would constitute “processing” under the DP Act.
13.2 The Client shall produce derived materials only as provided for in the permitted purposes. This includes the use of RFA data to produce derived material. Except as expressly permitted for in the permitted purposes:
13.2.1 The Client shall not otherwise alter the records or manipulate or modify them in any way or merge any of the records with any other products or services; and
13.2.2 The Client shall not otherwise disaggregate the data or develop any database, information file or service from such dis-aggregation; and
13.2.3 The Client shall not otherwise (i) combine the data or any part thereof with another database or with any other information file whether for the purpose of creating a new database, information file or otherwise and (ii) shall keep the data separate from other databases and/or data.
13.3 Where a review date is specified by the specified date the Client must carry out a review to determine whether RFA data within the relevant deliverables is still required for the permitted purposes. The Client must retain a record of the review and its determination as to whether retention of the data is required. Such a record should constitute the relevant part of any Legitimate Interest Assessment.
13.4 Where the contract comes to an end and that RFA’s data within that deliverable is no longer required for the permitted purposes; or where the Client otherwise determines that the RFA data within a deliverable is no longer required for the permitted purposes; or where the Client’s licence to use the deliverable is otherwise terminated through termination of this Agreement; where any of these conditions apply:
13.4.1 The Client shall destroy or procure the destruction of all RFA data provided within the deliverable. “destroy” means permanently destroy all hard and electronic copies of such data and permanently expunge the data from all computers, file or document management systems and networks within the control of the Client or any third parties to whom the data has been passed within the permitted purposes.
13.5 The Client shall not use, reproduce, pass on, publish, permit the use by or otherwise make available to any third party (on a commercial basis or otherwise) the deliverables or any part thereof including any RFA data or any derived materials, save:
13.5.1 as expressly provided for within the permitted purposes in relation to the relevant data fields or types of derived material;
13.5.2 as required by law; or
13.5.3 with RFA’s explicit prior written consent. For the avoidance of doubt, “publication” shall include both publication in hard copy form and inclusion of material on an internet website, intranet, extranet or other method of accessing information electronically.
13.6 The Client shall inform RFA immediately if it considers that, or it becomes aware of any circumstances which mean or may mean that, the deliverables, derived materials or any RFA data have been used otherwise than in accordance with this agreement and the permitted purposes.
13.7 RFA data within the deliverables shall not be transferred out of or processed outside the United Kingdom without the prior explicit consent of RFA.
14 PERMITTED PURPOSES
This clause states the permitted purposes i.e. the purposes for which the deliverables and derived materials may be used. These permissions are subject to the restrictions set out in this Agreement. If the Client is in any doubt as to what is permitted, they must contact RFA to request clarification and/or permission for any use beyond these terms.
14.1 Permission for use of the deliverables and derived Materials, including RFA data, is only granted as set out below.
14.1.1 Where RFA data is specified in the order form to these Standard terms and Conditions is defined and accordingly treated as personal data, these permissions are also limited by the Data Protection Act 2018. In the event of any doubt as to its meaning this condition shall be interpreted restrictively in line with the requirements of the DPA 2018 and applicable requirements under GDPR.
14.1.2 The permitted purposes being defined in the order form as agreed.
14.1.3 Where for the purpose of the agreed project in the order form, the customer shall abide by those reasonable usage requirements as indicated. The data provided is subject to usage limits, including the quantities specified in order form.
14.1.4 Where the customer exceeds any applicable usage limit as indicated in the order form, RFA may work with the customer to seek to reduce usage so that it conforms to that limit. If, notwithstanding our efforts, the customer is unable or unwilling to abide by a contractual usage limit, RFA will execute a new order form for additional quantities of the applicable services or content promptly upon request, and/ or pay any invoice for excess usage.
14.2 The Customer shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to RFA’s Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant data, as strictly necessary for the purposes of this Principal Agreement and to comply with Applicable Laws ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
15 INDEMNITY
15.1 Warranty and Indemnification. RFA represents and warrants that (i) it has the requisite skills, experience, knowledge and expertise to perform the services described in the order form; (ii) the services and deliverables in the form provided by RFA do not infringe upon any copyright, trademark, trade secret or other Intellectual Property Rights of any third party; that (iii) it will comply with all applicable laws, including privacy and data protection laws.
15.2 RFA shall indemnify and hold the Client harmless against all liability imposed or claimed, including legal’ fees and other legal expenses, arising directly or indirectly from any breach, act or failure of RFA or its employees or subcontractors, including all claims relating to the injury or death of any person or damage to any property.
16 GENERAL CONDITIONS AND REQUIREMENTS
16.1 This Agreement comprises the order form, applicable data processing agreement and the Standard Terms and Conditions. None of the documents that form part of this Principal Agreement are to be interpreted or applied separately from the other.
16.2 This Agreement, any data transfer or processing agreements between RFA and the Client and all attached schedules and appendices constitute the entire agreement between RFA and the Client regarding its subject matter and all prior agreements, both oral and written, between the parties on this subject matter are cancelled, replaced and superseded by this Agreement. The headings in this Agreement are for ease of reference and shall not affect its interpretation.
16.3 The parties confirm that they did not enter into this Agreement based on any representations not expressly incorporated into it. Each party irrevocably and unconditionally waives any right it may have to seek damages and/or terminate this Agreement due to a breach of any warranty not expressly stated in this Agreement or a misrepresentation not expressly stated in this Agreement, unless such misrepresentation was made fraudulently.
16.4 The Client shall not be entitled to sub-licence any of the rights granted to it nor to sub-contract any of the obligations imposed on it by RFA under this Agreement.
16.5 If, for any reason, any part of this Agreement is held to be or becomes illegal, void, or otherwise unenforceable under any applicable law, the parties shall negotiate in good faith to amend such provision so that, as amended, it is legal, valid, and enforceable and, to the greatest extent possible, achieves the parties’ original intention. The other terms of this Agreement’s validity and/or enforceability are not altered or hindered in any manner because of such omission.
16.6 RFA reserves the right to change these terms and conditions at any time without prior notice. In the event that any changes are made, the revised terms and conditions shall be posted on this website immediately. Please check the latest information posted herein to inform yourself of any changes.
17.1 The parties agree to adopt the following procedures with respect to the resolution of any disputes which may arise during the term of this Agreement, save that neither party shall be precluded from applying to a competent court for injunctive or declaratory relief where the circumstances require such relief immediately.
17.2 In the event that one party believes that another party has failed to perform any of its obligations under this Agreement, such party’s Representative shall promptly notify the other party’s t Representative and request a meeting. The Representatives will discuss the problem and negotiate in good faith in an effort to promptly resolve the dispute without any formal proceedings. If the Representatives are unable to resolve the dispute within fourteen (14) days after their first meeting, each party will appoint a designated officer of its business to attempt to resolve the dispute. No litigation for the resolution of such disputes may be commenced until the designated officers have met and either party has concluded in good faith that amicable resolution through continued negotiation does not appear possible.
18.1 This Agreement shall be governed by and construed in accordance with English and Welsh Law and, the Client submits to the exclusive jurisdiction of the English and Welsh Courts.
APPENDIX 1
Databases are protected in two ways:
1. under the law of copyright and the specific rules that apply in relation to databases; and
2. under the UK Copyright and Rights in Databases Regulations 1997.
Copyright
Databases are treated as a class of literary works and may therefore receive copyright protection for the selection and/or arrangement of the contents provided that they were recorded in some medium and were the “author’s own intellectual creation”. A database will only be original if “by reason of the selection or arrangement of the contents of the database the database constitutes the author’s own intellectual creation”.
Pursuant to UK law, copyright in a database lasts for 70 years from the end of the calendar year in which the author of the database dies. The copyright owner is the creator of the database, therefore businesses need to exercise caution when engaging a contractor to create a database for it. The contractor is likely to be the owner of copyright in the database and if a business wants to own the copyright it must enter into an agreement with the contractor which contains an assignment of copyright.
The principles of infringement of database copyright are the same as those for other types of copyright work.
Database right
If a set of data comes within the definition of a database, it will qualify for protection in its own right under the Databases Regulations if there has been a “substantial investment” in obtaining, verifying or presenting the contents of the database. Investment covers “financial, human or technical” investment and substantial is interpreted in “terms of quantity or quality or a combination of both”.
In contrast to copyright, the maker of a database is the first owner, with the maker defined as the person who “takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation”.
Database right lasts for 15 years from the end of the calendar year in which the making of the database was completed. Although this is shorter than the duration of copyright, if a “substantial change” to the contents of a database which constitutes a “substantial new investment”, the amended database will qualify for a new 15-year term. In effect, this means that an indefinite term of protection is available for the many databases that are continually updated.
A database right is infringed if a person extracts or re-utilises all or a substantial part of the contents of the database without the owner’s permission. In addition, the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of the database may also amount to the extraction or the re-utilisation of a substantial part of those contents.
APPENDIX 2
Data Protection
1.1 The Data Processing Agreement Data Processing Addendum Controller | Red Flag Alert sets out the framework for the sharing of Personal Data between the parties as defined as Data Controllers and Data Processors
1.2 For the purposes of this Schedule:
1.2.1 the terms “Data Controller”, “Data Subject” and “Personal Data” shall have the meanings as defined in the Data Protection Legislation;
1.2.2 “Data Protection Legislation” in the UK means all legislation and regulatory requirements in force from time to time relating to the use of personal data and the privacy of electronic communications, including, without limitation (i) any data protection legislation from time to time in force in the UK including the Data Protection Act 2018 or any successor legislation, as well as (ii) the General Data Protection Regulation and any other directly applicable European Union regulation relating to data protection and privacy (for so long as and to the extent that the law of the European Union has legal effect in the UK.