This agreement is dated as set out in the schedule
A. This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.
B. The Exporter and the Importer entered into a commercial agreement for the provision of marketing and lead generation services by the Importer to the Exporter, for the benefit of the Exporter’s customers (Agreement) containing schedule setting out the commercial arrangement of the Parties (the Schedule). This Addendum only applies to the extent that the Importer receives personal data from the Exporter, and the Importer is located outside of the United Kingdom and the European Economic Area.
C. This Addendum forms part of the Agreement. Except as set out in the Addendum, the Agreement will continue in full force and effect. In the event of a conflict between the Agreement and this Addendum, this Addendum will take precedence.
D. In this Addendum, expressions defined in the Agreement and used in this Addendum have the meaning set out in the Agreement unless otherwise defined. The rules of interpretation set out in the Agreement apply to this Addendum unless this Addendum states otherwise.
The Parties | Exporter (who sends the Restricted Transfer) | Importer (who receives the Restricted Transfer) |
Parties’ details | Full legal name: ALUMNILAB LIMITED | Full legal name: as set out in the Schedule |
Trading name (if different): Whistle | Trading name (if different): N/A | |
Main address (if a company registered address): 201 Haverstock Hill Second Floor C/O FKGB, London, England, NW3 4QG | Main address (if a company registered address): as set out in the Schedule |
Official registration number (if any) (company number or similar identifier): 11700744 | Official registration number (if any) (company number or similar identifier): N/A | |
Key contacts | Full name (optional): David Zeff | Full name (optional): as set out in the Schedule |
Job title: CEO | Job title: N/A | |
Contact details including email: david@whistle.ltd, +972584140788 | Contact details including email: as set out in the Schedule |
Addendum EU SCCs | The Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum. | |||||
Module | Module in operation | Clause 7 (Docking Clause) | Clause 11 (Option) | Clause 9a (Prior Authorisation or General Authorisation) | Clause 9a (Time period) | Is personal data received from the Importer combined with personal data collected by the Exporter? |
C2P | Module 2 | No | No | Prior Authorisation | 90 days | – |
P2P | Module 3 | No | No | Prior Authorisation | 90 days | – |
“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:
Annex 1A: List of Parties: As stated in the main agreement |
Annex 1B: Description of Transfer: The provision of marketing and lead generation services by the Importer to the Exporter, for the benefit of the Exporter’s customers. |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: see Part 3 |
Annex III: List of Subprocessors (Modules 2 and 3 only): N/A |
Ending this Addendum when the Approved Addendum changes | Which Parties may end this Addendum as set out in Section 19:
|
1. Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.
2. Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.
3. Where this Addendum uses terms that are defined in the Approved EU SCCs, those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:
Addendum: This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs.
Addendum EU SCCS: The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in Table 2, including the Appendix Information.
Appendix Information: As set out in Table 3.
Appropriate Safeguards: The standard of protection over the personal data and of data subjects’ rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) of the UK GDPR.
Approved Addendum: The template Addendum issued by the ICO and laid before Parliament in accordance with section 119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18.
Approved EU SCCs: The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
ICO: The Information Commissioner.
Restricted Transfer: A transfer which is covered by Chapter V of the UK GDPR.
UK: The United Kingdom of Great Britain and Northern Ireland.
UK Data Protection Laws: All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.
UK GDPR: As defined in section 3 of the Data Protection Act 2018.
4. This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards.
5. If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.
6. If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.
7. If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies.
8. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.
9. Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section 10 will prevail.
10. Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.
11. Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation ((EU) 2016/679), then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.
12. This Addendum incorporates the Addendum EU SCCs which are amended to the extent necessary so that:
(a) together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers;
(b) Sections 9 to 11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and
(c) this Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.
13. Unless the Parties have agreed alternative amendments which meet the requirements of Section 12, the provisions of Section 15 will apply..
14. No amendments to the Approved EU SCCs other than to meet the requirements of Section 12 may be made.
15. The following amendments to the Addendum EU SCCs (for the purpose of Section 12) are made: (a) references to the “Clauses” mean this Addendum, incorporating the Addendum EU SCCs;
(b) In Clause 2, delete the words:
“and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”;
(c) Clause 6 (Description of the transfer(s)) is replaced with:
“The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;
(d) Clause 8.7(i) of Module 1 is replaced with:
“it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;
(e) Clause 8.8(i) of Modules 2 and 3 is replaced with:
“the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”
(f) References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;
(g) References to Regulation (EU) 2018/1725 are removed;
(h) References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with “the UK”;
(i) The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module 1 is replaced with “Clause 11(c)(i)”;
(j) Clause 13(a) and Part C of Annex I are not used;
(k) The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
(l)In Clause 16(e), subsection (i) is replaced with:
“the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;
(m) Clause 17 is replaced with:
“These Clauses are governed by the laws of England and Wales.”;
(n) Clause 18 is replaced with:
“Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and
(o) The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11.
16. The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.
17. If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
18. From time to time, the ICO may issue a revised Approved Addendum which:
(a) makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or
(b) reflects changes to UK Data Protection Laws.
The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified.
19. If the ICO issues a revised Approved Addendum under Section 18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in:
(a) its direct costs of performing its obligations under the Addendum; and/or
(b) its risk under the Addendum,
and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.
20. The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.
Mandatory Clauses | Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B1.0 issued by the ICO and laid before Parliament in accordance with section 119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses |
The Importer agrees that it shall take all reasonably necessary steps and security precautions in accordance with commercially reasonable industry standards to minimise the risk of unauthorised access to, or sabotage of, personal data that is provided to the Importer during the provision of services by the Exporter under the Agreement.
The Importer will maintain and keep updated a comprehensive information security policy aligned to industry best practice that contains procedures designed to protect the security of personal data in electronic form while under the Importer’s possession, custody or control that cover the areas below:
The Importer shall develop, administer and maintain appropriate policies that are designed to protect the Importer’s information systems from loss, damage, unauthorised disclosure or disruption of business, which includes the physical protection and logical segmentation of information systems, including any personal data provided to the Importer in the performance of the Services by the Exporter, to be processed or transmitted.
2.1 The Importer shall retain suitably qualified personnel, with clearly defined roles and responsibilities, within their information security organisation, to coordinate the implementation of security for the Importer organisation.
2.2 The Importer shall determine requirements for sensitivity, protection and disclosure of information, and shall review such requirements annually.
2.3 The Importer shall effectively segregate duties, roles and responsibilities, to prevent unauthorised use of the Importer’s business critical information assets.
3.1 The Importer shall maintain procedures to identify, control and maintain the ownership and security classification of key the Importer assets and personal data held within the Importer data center infrastructure.
3.2 The Importer shall create policies defining the acceptable use of information and assets, and promulgate these to all appropriate users of the Importer assets and information.
4.1 The Importer shall develop and implement policies and procedures regarding the suitability of The Importer personnel and third parties in relation to their roles and responsibilities.
4.2 The Importer shall provide appropriate awareness training and access to information, so that the Importer users and third parties understand their IT Security responsibilities in relation to personal data.
4.3 The Importer shall perform necessary procedures for the Importer employees upon change of role, end of engagement, termination of employment, contract or agreement.
5.1 The Importer shall institute physical and environmental controls and safeguards designed to preserve the integrity and availability of the Importer information systems and the personal data contained on them, whether they are in use at the Importer facilities, sites or third party locations.
5.2 The Importer shall provide measures for maintaining and supporting the infrastructure of information and information systems, including the physical protection of any equipment associated with any Exporter services or projects.
The Importer shall define a suitable set of processes and procedures for the effective management of the communications network systems and information processing facilities that contain personal data, including:
7.1 The Importer shall implement procedures designed to control access to information systems, personal data, including providing user identification and access controls.
7.2 The Importer shall seek to limit access to the Exporter’s Confidential Information and personal data to authorised users on a least privilege basis, granting access based upon business requirements.
8.1 With regard to the specification, acquisition, development and maintenance of information systems, including both those procured from external vendors and those internally produced, The Importer shall determine the necessary confidentiality, integrity and availability requirements, and continue to review these against an enduring risk profile through the usage lifecycle.
8.2 The Importer shall define and maintain principles for the appropriate security aspects of any software development lifecycle.
8.3 The Importer shall identify and evaluate notified technical vulnerabilities and threats, and shall deploy an effective patch and vulnerability management policy designed to remediate the Importer’s information systems where necessary.
9.1 The Importer shall prepare and maintain an incident response plan and program, containing procedures and directions to follow in the event of an incident related to the security of the Importer’s computing infrastructure, documenting the necessary steps and channels of communication to be followed.
9.2 The Importer shall incorporate into such directions appropriate procedures for notifying the Exporter and other necessary stakeholders promptly if any security incident is determined to have caused a personal data breach.
10.1 The Importer shall develop and maintain business continuity impact analyses and disaster recovery plans designed to maintain the Importer’s receipt of the Services with minimal interruption. Each plan shall detail measures to support the effective restoration of services, to resume operations as soon as possible after an emergency.
10.2 The Importer shall conduct periodic testing on its most critical business applications, to provide assurance that they are readily available in the event of a declared disaster.
10.3 The Importer shall take backups offsite, to support the recoverability of the Importer systems in the event of a disaster.
11.1 The Importer’s information systems shall comply with all applicable security requirements and policies, applicable laws and regulatory requirements.
11.2 The Importer shall implement appropriate audit controls, limiting access to tools and systems thus preventing misuse or compromise, and confirming that audits comply with the Importer’s information security policy.
The Importer shall develop and implement a policy on the use of cryptographic controls for the enduring protection, confidentiality and preservation of integrity of sensitive information and assets.
The Importer shall establish and maintain formal agreements with infrastructure vendors involved in the service delivery management of the Importer’s information systems, incorporating where appropriate the necessary security controls, policies and service level agreements.
This Addendum has been entered into on the date stated in the schedule.
21.1 Definitions:
Agreement: these Terms and Conditions together with the Schedule and any document referred to in these Terms and Conditions or the Schedule.
Business of Whistle: the provision of sales, sales development, marketing, revenue operations, software reselling, course creation and development, business analytics and business consultancy services to our customers primarily through the provision of agents for hire, software and online courses for sale or resale and marketing and sales strategies.
Business Opportunities: any opportunities of which you become aware during the Engagement which relate to us or which we reasonably consider might be of benefit to us.
Business Day: a day, other than a Saturday, Sunday or public holiday in England, when banks in London are open for business.
Capacity: as agent, consultant, director, employee, owner, partner, shareholder or in any other capacity.
Commencement Date: has the meaning given to it in the Schedule.
Client Property: all documents, books, manuals, materials, records, correspondence, papers and information (on whatever media and wherever located) relating to the Business of Whistle or our affairs or our customers and business contacts, and any equipment, keys, hardware or software provided for your use by us during the Engagement, and any data or documents (including copies) produced, maintained or stored by you on our or your own computer systems or other electronic equipment during the Engagement.
Confidential Information: information in whatever form (including in written, oral, visual or electronic form or on any magnetic or optical disk or memory and wherever located) relating to our business, customers, clients, suppliers, products, affairs and finances for the time being confidential to us and trade secrets including technical data and know- how relating to our Business of Whistle or any of our suppliers, customers, clients, agents, distributors, shareholders, management or business contacts, and including information that you create, develop, receive or obtain in connection with your Engagement, whether or not such information (if in anything other than oral form) is marked confidential.
controller, processor, data subject, personal data, personal data breach and processing: have the meanings given to them in the Data Protection Legislation.
Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), the Data Protection Act 2018 (and regulations made thereunder) or any successor legislation, and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).
Deliverable: any outputs of the Services and any other documents or materials provided by you to us as specified in the Schedule or in relation to the Services (excluding your own equipment), and which includes the Works and the Inventions.
Engagement: your engagement by us on the terms of this Agreement.
Fees: the fees payable by us to you for your provision to us of the Services, as may be set out in the Schedule.
Intellectual Property Rights: patents, utility models, rights to Inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar
or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Invention: any invention, idea, discovery, development, improvement or innovation made by you in the provision of the Services, whether or not patentable or capable of registration, and whether or not recorded in any medium.
Restricted Customer: any firm, company or person who is or has been at any time during the immediately preceding 12 months a customer or prospective customer of, or in the habit of dealing with, us, and/or serviced as our customer by you.
Schedule: the written document we provide to you containing specific information relating to the particular services you are to deliver for us and for our customers.
Services: the services provided by you in a consultancy capacity for us as more particularly described in the Schedule.
Termination Date: the date of termination of this Agreement, howsoever arising.
Works: all records, reports, documents, papers, databases, data sets, drawings, designs, transparencies, photos, graphics, logos, typographical arrangements, software and all other materials in whatever form, including hard copy and electronic form, prepared by you in the provision of the Services.
you / your: the consultant named in the Schedule.
21.2 The headings in this Agreement are inserted for convenience only and shall not affect its construction.
21.3 A reference to a particular law is a reference to it as it is in force for the time being taking account of any amendment, extension, or re- enactment and includes any subordinate legislation for the time being in force made under it.
21.4 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
21.5 Any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression, shall be construed as illustrative, shall not limit the sense of the words preceding or following those terms, and shall be deemed to be followed by the words “without limitation” unless the context requires otherwise.
22.1 We shall engage you, and you shall provide the Services to us, on the terms of this Agreement.
22.2 This Agreement shall be legally formed and the Parties shall be legally bound when you agree to supply the Services in accordance with the terms of the Schedule (as may be varied by us in writing). Your acceptance of that Schedule shall be deemed to have taken place (and this Agreement entered into) on the earlier of:
(a) the date on which you agree to provide the Services in accordance with the terms of the Schedule; or
(b) the date on which you commence the provision of the Services.
22.3 This Agreement shall continue unless and until terminated:
(a) as provided by the terms of the schedule.
23.1 During the Engagement you shall:
(a) provide the Services, including the Deliverables, with all due care, skill and ability and use your best endeavours to promote our interests; and
(b) promptly give us all such information and reports as we may reasonably require in connection with matters relating to the provision of the Services, including the Deliverables, or the Business of Whistle.
23.2 If you are unable to provide the Services due to illness or injury, you shall advise us of that fact as soon as reasonably practicable. For the avoidance of doubt, no Fee shall be payable in accordance with clause 24 in respect of any period during which the Services are not provided.
23.3 You shall use reasonable endeavours to ensure that you are available at all times on reasonable notice to provide such assistance or information as we may require.
23.4 Unless you have been specifically authorised to do so by us in writing, you shall not:
(a) have any authority to incur any expenditure in the name of or for our account; or
(b) hold yourself out as having authority to bind us.
23.5 You shall comply with our policies (if any) as may be communicated to you by us from time to time.
23.6 You undertake to us that during the Engagement you shall take all reasonable steps to offer (or cause to be offered) to us any Business Opportunities as soon as practicable after the same shall have come to your knowledge and, in any event, before the same shall have been offered by you (or caused by yourself to be offered) to any other party provided that nothing in this clause shall require you to disclose any Business Opportunities to us if to do so would result in a breach by you of any obligation of confidentiality or of any fiduciary duty owed by you to any third party.
23.7 You may use a third party to perform any administrative, clerical or secretarial functions which are reasonably incidental to the provision of the Services provided that:
(a) we will not be liable to bear the cost of such functions; and
(b) at our request the third party shall be required to enter into direct undertakings with us, including with regard to confidentiality.
23.8 You shall:
(a) comply with all applicable laws, regulations, codes and sanctions relating to anti-bribery and anti-corruption including the Bribery Act 2010;
(b) not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK;
(c) promptly report to us any request or demand for any undue financial or other advantage of any kind you have received in connection with the performance of this Agreement; and
(d) ensure that all persons associated with you or other persons who are performing services in connection with this Agreement comply with this clause 23.8.
23.9 You shall:
(a) not engage in any activity, practice or conduct which would constitute either:
(i) a UK tax evasion facilitation offence under section 45(1) of the Criminal Finances Act 2017; or
(ii) a foreign tax evasion facilitation offence under section 46(1) of the Criminal Finances Act 2017;
(b) promptly report to us any request or demand from a third party to facilitate the evasion of tax within the meaning of Part 3 of the Criminal Finances Act 2017 or any suspected tax evasion offences or facilitation of tax evasion offences, whether under English law or under the law of any foreign country, in connection with the performance of this Agreement; and
(c) ensure that all persons associated with you or other persons who are performing services in connection with this Agreement comply with this clause 23.9.
23.10 Your failure to comply with clause 23.8 and/or clause 23.9 shall entitle us to immediately terminate this Agreement.
24.1 In consideration of the Services provided by you pursuant to this Agreement, we will pay to you the Fees
24.2 Any adjustment to the Fees is at our discretion and shall be subject to any performance criteria we deem appropriate.
24.3 You shall invoice us as set out in the Schedule. Each invoice shall give details of the hours you have worked during the relevant month, the Services provided and the Fees payable (plus VAT, if applicable) for the Services during that month.
24.4 We shall be entitled to deduct from the Fees (and any other sums) due to you any sums that you may owe us at any time.
24.5 Payment in full or in part of the Fees claimed under clause 24 shall be without prejudice to any claims or rights we may have against you in respect of the provision of the Services or otherwise in respect of the Engagement.
24.6 You shall bear your own expenses incurred in the course of the Engagement unless, at our discretion, such expense is agreed in writing by us in advance and is subject to production of receipts or other appropriate evidence of payment.
24.7 If we fail to make any payment due to you under this Agreement by the due date for payment, then you shall be entitled to charge us interest on the overdue amount at the rate of 1% per annum above The Bank of England’s base rate from time to time. Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. We shall pay the interest together with the overdue amount.
24.8 If you are required to travel abroad in the course of the Engagement, you shall be responsible for arranging any necessary insurances, inoculations and immigration requirements.
25.1 In order to protect our legitimate business interests, and except to the extent otherwise expressly instructed to do so by us under this Agreement, you must not (except with our prior written consent):
(a) solicit or entice away (or attempt to solicit or entice away) from us the business or custom of any Restricted Customer;
(b) be involved in any way (including as owner, instructor, commissioner, supplier, subcontractor, agent, consultant, director, employee, owner, partner, shareholder or otherwise) with the provision of services to any Restricted Customer; and/or
(c) (i) carry on, (ii) be engaged, concerned or interested in, or (iii) assist in any way, in each case including as owner, instructor, commissioner, supplier, subcontractor, agent, consultant, director, employee, owner, partner, shareholder or otherwise, any business concern which is (or intends to be) in competition with the Business of Whistle.
You shall be bound by the covenants set out in this clause 25.1 during the term of this Agreement, and for a period of 12 months after termination or expiry of this Agreement for any reason.
25.2 Subject always to clause 25.1, nothing in this Agreement shall prevent you from being engaged, concerned or having any financial interest in any Capacity in any other business, trade, profession or occupation during the Engagement provided that:
(a) such activity does not cause a breach of any of your obligations under this Agreement;
(b) you shall not engage in any such activity if it relates to a business which is similar to or in any way competitive with the Business of Whistle without our prior written consent (such consent not to be unreasonably withheld); and
(c) you shall give priority to the provision of the Services to us over any other business activities undertaken by you during the course of the Engagement.
26.1 You acknowledge that in the course of the Engagement you will have access to Confidential Information. You have therefore agreed to accept the restrictions in this clause 26.
26.2 You shall not (except in the proper course of your duties), either during the Engagement or at any time after the Termination Date, use or disclose to any third party (and shall use your best endeavours to prevent the publication or disclosure of) any Confidential Information. This restriction does not apply to:
(a) any use or disclosure authorised by us or required by law; or
(b) any information which is already in, or comes into, the public domain otherwise than through your unauthorised disclosure.
26.3 At any stage during the Engagement, you will promptly on request return all and any Client Property in your possession to us.
27.1 Both parties acknowledge that for the purposes of the Data Protection Legislation, we are the controller and you are the processor.
27.2 Both parties will comply with the Data Protection Legislation.
27.3 You shall, in relation to any personal data processed in connection with the Engagement:
(a) process that personal data only on our written instructions;
(b) keep the personal data confidential;
(c) comply with our data protection policy (as may be communicated by us to you from time to time);
(d) comply with our reasonable instructions with respect to processing personal data;
(e) not transfer any personal data to any third party whether located inside or outside of the UK or the EEA without our prior written consent. Insofar as we authorise the transfer of personal data to a third party outside of the UK or the EEA., such transfer shall only be carried out in accordance with the Data Protection Legislation, and provided that you ensure that (i) the transfer is to a country approved as providing an adequate level of protection for personal data; or (ii) there are appropriate safeguards in place for the transfer of personal data; or (iii) binding corporate rules are in place; or (iv) one of the derogations for specific situations applies to the transfer;
(f) assist us in responding to any data subject access request and to ensure compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, privacy impact assessments and consultations with supervisory authorities or regulators, and notify us of any request from data subjects or supervisory authority within three Business Days from receipt;
(g) notify us without undue delay (and in any event within 24 hours) on becoming aware of a personal data breach or communication which relates to ours or your compliance with the Data Protection Legislation;
(h) at our written request, delete or return personal data (and any copies of the same) to us on termination of the Engagement unless required by applicable law to store a copy of the personal data; and
(i) maintain complete and accurate records and information to demonstrate compliance with this clause 7 and contribute to and allow for audits, including inspections, conducted by us or on our behalf.
27.4 You shall ensure that you have in place appropriate technical or organisational measures, reviewed and approved by us (if so required), to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures. Such measures may include, where appropriate:
(a) pseudonymising and encrypting personal data;
(b) ensuring confidentiality, integrity, availability and resilience of your systems and services;
(c) ensuring that availability of and access to personal data can be restored in a timely manner after an incident; and
(d) regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by you.
27.5 You acknowledge that, to the extent that you are based outside of the United Kingdom and the European Economic Area, you cannot process any personal data as our processor without an appropriate safeguard in place; by entering into this Agreement, you enter into the terms of the appendix to the Schedule, being the ICO Addendum to the Standard Contractual Clauses, which forms the appropriate safeguard for such purposes.
27.6 You must not appoint any third-party processor of personal data under this Agreement.
27.7 You shall have personal liability for and shall indemnify us for any loss, liability, costs (including legal costs), damages, or expenses resulting from any breach by you of this clause 27 or the Data Protection Legislation, and shall maintain in force full and comprehensive Insurance Policies.
28.1 You hereby assign to us all existing and future Intellectual Property Rights in the Deliverables and all materials embodying these rights to the fullest extent permitted by law. Insofar as they do not vest automatically by operation of law or under this Agreement, you hold legal title in these rights and inventions on trust for us.
28.2 You undertake:
(a) to notify us in writing full details of any Deliverables promptly on their creation;
(b) to keep details of all Deliverables confidential;
(c) whenever requested to do so by us and in any event on the termination of the Engagement, promptly to deliver to us (and delete from your systems and records) all correspondence, documents, papers and records on all media (and all copies or abstracts of them), recording or relating to any part of the Deliverables and the process of their creation which are in your possession, custody or power;
(d) not to register nor attempt to register any of the Intellectual Property Rights in any Deliverables, unless requested to do so by us; and
(e) to do all acts necessary to confirm that absolute title in all Intellectual Property Rights in the Deliverables has passed, or will pass, to us.
28.3 You warrant to us that:
(a) you have not given and will not give permission to any third party to use any Deliverable, nor any of the Intellectual Property Rights in any Deliverable;
(b) you are unaware of any use by any third party of any of any Deliverable or Intellectual Property Rights in any Deliverable; and
(c) the use of the Works or the Intellectual Property Rights in the Works by us will not infringe the rights of any third party.
28.4 You agree to indemnify us and keep us indemnified at all times against all or any costs, claims, damages or expenses incurred by us, or for which we may become liable, with respect to any intellectual property infringement claim or other claim relating to any Deliverables. We may at our option satisfy this indemnity (in whole or in part) by way of deduction from any payments due to you.
28.5 You waive any moral rights in the Deliverables to which you are now or may at any future time be entitled under Chapter IV of the Copyright Designs and Patents Act 1988 or any similar provisions of law in any jurisdiction, including (but without limitation) the right to be identified, the right of integrity and the right against false attribution, and you agree not to institute, support, maintain or permit any action or claim to the effect that any treatment, exploitation or use of such Works or other materials infringes your moral rights.
28.6 We and you acknowledge that, except as provided by law, no further Fees or compensation other than those provided for in this Agreement are due or may become due to you in respect of the performance of your obligations under this clause 28.
28.7 You undertake, at our expense, at any time either during or after the Engagement, to execute all documents, make all applications, give all assistance and do all acts and things as may, in our opinion, be necessary or desirable to vest the Intellectual Property Rights in, and to register them in, our name and to defend us against claims that works embodying Intellectual Property Rights or Inventions infringe third party rights, and otherwise to protect and maintain the Intellectual Property Rights in the Works and the Inventions.
29.1 You shall have personal liability for and shall indemnify us for any loss, liability, costs (including reasonable legal costs), damages or expenses arising from any breach by you of the terms of this Agreement including any negligent or reckless act, omission or default in the provision of the Services.
30.1 Notwithstanding the provisions of clause 22.3, we may terminate the Engagement with immediate effect with no liability to make any further payment to you (other than in respect of amounts properly accrued before the Termination Date) if at any time you:
(a) commit any gross misconduct;
(b) commit any serious or repeated breach or non- observance of any of the provisions of this Agreement or refuse or neglect to comply with any of our reasonable and lawful directions;
(c) are convicted of any criminal offence (other than an offence for which a fine or non-custodial penalty is imposed);
(d) are in our reasonable opinion negligent or incompetent in the performance of the Services;
(e) are declared bankrupt or make any arrangement with or for the benefit of your creditors;
(f) die or are incapacitated (including by reason of illness or accident) from providing the Services for an aggregate period of 45 days in any 52-week consecutive period;
(g) commit any fraud or dishonesty or acts in any manner which in our opinion brings or is likely to bring you or us into disrepute or is materially adverse to our interests;
(h) commit any breach of our policies and procedures (where relevant);
(i) commit any offence under the Bribery Act 2010 or equivalent foreign legislation (if any) in the jurisdiction where you have your address above; or
(j) commit a UK tax evasion facilitation offence under section 45(1) of the Criminal Finances Act 2017 or a foreign tax evasion facilitation offence under section 46(1) of the Criminal Finances Act 2017.
30.2 Our rights under clause 30.1 are without prejudice to any other rights that we might have at law to terminate the Engagement or to accept any breach of this Agreement on your part as having brought the Agreement to an end. Any delay by us in exercising our rights to terminate shall not constitute a waiver of these rights.
31.1 On the Termination Date you shall, at our discretion:
(a) immediately deliver to us all Client Property and original Confidential Information in your possession or under your control;
(b) subject to our data retention guidelines, irretrievably delete any information relating to the Business of Whistle stored on any magnetic or optical disk or memory (including any Confidential Information) and all matter derived from such sources which is in your possession or under your control outside our premises. For the avoidance of doubt, the contact details of business contacts made during the Engagement are regarded as Confidential Information and, as such, must be deleted from personal social or professional networking accounts; and
(c) provide a signed statement that you have complied fully with your obligations under this clause 31, together with such evidence of compliance as we may reasonably request.
32.1 Your relationship with us will be that of independent contractor and nothing in this Agreement shall render you our employee, worker, agent or partner and you shall not hold yourself out as such.
32.2 This Agreement constitutes a contract for the provision of services and not a contract of employment and accordingly you shall be fully responsible for and shall indemnify us for and in respect of:
(a) any income tax, National Insurance and social security contributions and any other liability, deduction, contribution, assessment or claim arising from or made in connection with the performance of the Services, where the recovery is not prohibited by law. You shall further indemnify us against all reasonable costs, expenses and any penalty, fine or interest incurred or payable by us in connection with or in consequence of any such liability, deduction, contribution, assessment or claim other than where the latter arise out of our negligence or wilful default; and
(b) any liability arising from any employment-related claim or any claim based on worker status (including reasonable costs and expenses) brought by you against us arising out of or in connection with the provision of the Services, except where such claim is as a result of any act or omission by us.
32.3 We may at our option satisfy such indemnity (in whole or in part) by way of deduction from any payments due to you.
33.1 Any notice given to a party under or in connection with this Agreement shall be in writing and shall be:
(a) by pre-paid first-class post or other expedited delivery service at the address given in the Schedule or as otherwise notified in writing to the other party; or
(b) 0sent by email to the email addresses given in the Schedule (or an address substituted in writing by the party to be served).
33.2 Unless proven otherwise, any notice shall be deemed to have been received:
(a) if sent by pre-paid first-class post or other expedited day delivery service, at 9.00 am on the fifth Business Day after posting; or
(b)if sent by email, at the time of transmission.
33.3 If deemed receipt under clause 33.2 would occur outside business hours in the place of receipt, it shall be deferred until business hours resume. In this clause 33.3, business hours means 9.00am to 5.00pm Monday to Friday on a day that is not a public holiday in the place of receipt.
33.4 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any other method of dispute resolution.
34.1 This agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter.
34.2 Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.
34.3 Each party agrees that it shall have no claim for innocent or negligent misrepresentation based on any statement in this Agreement.
35.1 Subject to clause 22.2, no variation of this Agreement or of any of the documents referred to in it shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
36.1 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause 36 shall not affect the validity and enforceability of the rest of the Agreement.
36.2 If any provision or part-provision of this Agreement is deemed deleted under this clause 36, the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
37.1 This Agreement may be executed in any number of counterparts, each of which shall constitute a duplicate original, but all the counterparts shall together constitute the one Agreement.
38.1 Except as expressly provided elsewhere in this Agreement, a person who is not a party to this Agreement shall not have any rights under the
Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement. This does not affect any right or remedy of a third party which exists, or is available, apart from that Act.
38.2 The rights of the parties to terminate, rescind or agree any variation, waiver or settlement under this Agreement are not subject to the consent of any other person.
39.1 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
40.1 Each party irrevocably agrees that the courts of England and Wales shall have non-exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).
Last Updated: 13 March 2025
© Copyright – Whistle 2023
