The building blocks of a Software Licence Agreement

The building blocks of a Software Licence Agreement

In this article, we have a look at some of the important aspects that must be kept in mind when drafting a Software Licence Agreement

Start building

A Software Licence Agreement is in essence a copyright licence.

Cloud Services are usually provided under a subscription-based model where access to the Software is provided to the Customer through an online login. No copy of the Software is provided to the Customer, and there is no need for a licence.

The building blocks of a Software Licence Agreement

Scope of Software Licence

To learn more about the specific building blocks of a Software Licence grant clause follow this link

Support, training and professional services

The Provider may provide support and training to the Customer’s Users. If this is the case, the terms of the support and training must be detailed in this section.

Professional services (for example customization of the Software) can also be included as part of the Software Licence Agreement or incorporated into a separate Professional Services Agreement. If professional services are included as part of the Software Licence Agreement, ensure that the commercials relating to these services are unambiguously stipulated within the Agreement.

Intellectual property

Generally, the Parties will retain their intellectual property rights and the Provider will own any new Intellectual Property Rights relating to the Software.

An aspect that will, however, need to be addressed in the Software Licence Agreement is feedback rights. In other words, if the Customer provides the Provider with feedback relating to the Software, will the Provider be able to use the feedback to improve the Software and make these improvements available to other Customers?

The default position is usually that the Provider may use all feedback freely without restriction or obligation.

Read more on building intellectual property clauses.

Payment

The payment provisions will detail payment terms, overdue amounts, method of payment, setoff, taxes, payment disputes etc.

Read more on building intellectual property clauses.

Insurance

The Provider may be required to take insurance against, for example, cyber crimes. The insurance provisions should detail the type of cover to be taken out, the amount of cover required, what happens if there is a failure to maintain cover and obligations to produce certificates confirming cover. 

Audit rights

If there are limitations relating to the licence, for example the number of installation or seats provided, the Provider would want to have the right to audit these aspects. The frequency of these audits, costs thereof and what happens if there are adverse findings must be clearly addressed in this section.

Confidentiality

Both Parties would generally want to protect such sensitive information, which, if disclosed to certain third parties, will be detrimental to their business. The confidentiality provisions provide which information must be regarded as confidential, obligations relating to handling confidential information, and what happens if there are unauthorised disclosures.

Read more on confidentiality clauses.

Limitation of liability

Unrecoverable losses and maximum liability are generally dealt with under the limitation of liability provisions. Unrecoverable losses may include, for example, consequential losses, and claims relating to breach of data protection provisions may be limited under the maximum liability amount to a fixed amount.

Read more on the limitation of liability clauses.

Warranties

The Customer and Provider will usually provide certain mutual warranties. These may include, for example, that they have the legal capacity to enter into the Agreement and that they have not offered unlawful or prohibited inducements to the other Party or any other person in connection with the Agreement.

Then there will also be warranties related to the Software that will be provided.

Typical warranties will include that no viruses will be introduced into the Software, the Software will conform to the Documentation, and the Software does not and will not infringe on any third party intellectual property rights etc.

Breach of the warranties will also need to be addressed, and the disclaimers that relate to the warranties.

Read more on warranty clauses.

Indemnities

An indemnity often found in a Software Licence Agreement is an indemnity relating to Intellectual Property infringement claims.

The indemnity provisions need to identify what will be regarded as indemnified losses (what will be covered), what will trigger the indemnity and the claims procedure.

Read more on indemnity clauses.

Disputes

How will the Parties deal with disputes? Through a Court process or alternative dispute resolution? Are there different processes for different disputes – For example, expert determination for disputes relating to technical aspects of the Software?

Read more on dispute resolution clauses.

Term and termination

The Parties may conclude the Software Licence Agreement for a fixed term. There may also be auto-renewal of the Term, which must also be detailed within this section.

The termination provisions detail when a Party can terminate the Agreement before the Term ends and may also provide for termination assistance the Provider must provide if the Agreement is terminated.

Read more on data protection clauses.

Boilerplate provisions

The boilerplate clauses will include the provisions relating to public disclosure, third-party beneficiaries, how amendments will be dealt with, how notices under the Agreement must be provided, assignment etc.

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

The building blocks of a Cloud Services Agreement

The building blocks of a Cloud Services Services Agreement

In this article, we have a look at some of the important aspects that must be kept in mind when drafting a Cloud Services Agreement

Start building

The Cloud Services Agreement determines the rights and obligations of the Provider and the Customer relating to the Cloud Services. 

Cloud services fall into three primary categories: software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS).

 

A Software Licence is, in essence, a copyright licence.

Cloud Services are usually provided under a subscription-based model where access to the Software is provided to the Customer through an online login. No copy of the Software is provided to the Customer, and there is no need for a licence.

Order Forms will generally contain the variable information relating to the Cloud Services Agreement. In other words, the commercials to the Agreement, the Term of the Agreement and other information the Provider negotiates with the Customer.

The Order Form then incorporates various other terms and conditions by way of reference - For example, the Master Cloud Services Subscription Agreement hosted on its website. This Master Cloud Services Subscription Agreement may contain other terms and conditions that are generally more of a legal nature.

A Provider would want to use the Order Form approach to focus the negotiations on the Order Form and not negotiate a 30 to 50-pager contract.

Also, the Master Cloud Services Agreement is presented as the “standard Ts and Cs” the Provider contracts with its Customers creating the impression that the terms and conditions within the Master Cloud Services Agreement are not “negotiable”.

Another reason may be that the Master Cloud Services Agreement may be subject to amendment by the Provider from time to time. An amendment to the Master Cloud Services Agreement will then generally entail an email notifying Customers of the amendment and their right to object to it. The amendment will be deemed made to the Agreement if no objection is received.

The building blocks of a Cloud Services Agreement

Order form

The Order Form will generally contain:

  • Scope relating to the Cloud Service – Specific usage limitations (users / territory / industry etc.), the permitted use of the Cloud Services (internal vs external business purposes)
  • Commercials (implementation charges / pricing structure / third party expenses / invoicing and payment period)
  • Start date, Term of the Agreement and autorenewal
  • Training & support services
  • Links to Master Cloud Services Agreement, data privacy policy, support policy etc.

Scope of Cloud Services

The scope of the Cloud Services stipulates the access rights provided to the Customer and, if applicable, the Customer’s Affiliates. The scope of the Cloud Services may also refer to certain retained rights of the Provider and use limitations imposed on the Customer.

Support, training and professional services

The Provider will generally provide support and training to the Customer’s Users, and the terms of the support and training must be detailed in this section.

Professional services can also be included as part of the Cloud Services Agreement or incorporated into a separate Professional Services Agreement. If professional services are included as part of the Cloud Services Agreement, ensure that the commercials relating to these services are unambiguously stipulated within the Agreement.

Intellectual property

The Provider will generally retain all intellectual property relating to the Software, and no licence is provided in respect of the Software. For this reason, the intellectual property provisions within a Cloud Services Agreement are generally not overly complex.

An aspect that will, however, need to be addressed in the Cloud Services Agreement is feedback rights. In other words, if the Customer provides the Provider with feedback relating to the Cloud Services, will the Provider be able to use the feedback to improve the Cloud Services and make these improvements available to other Customers?

The default position is usually that the Provider may use all feedback freely without restriction or obligation.

Read more on building intellectual property clauses.

Payment

The payment provisions will detail payment terms, overdue amounts, method of payment, setoff, taxes, payment disputes etc.

Read more on building intellectual property clauses.

Insurance

The Provider may be required to take insurance against, for example, cyber crimes. The insurance provisions should detail the type of cover to be taken out, the amount of cover required, what happens if there is a failure to maintain cover and obligations to produce certificates confirming cover. 

Audit rights

For a Customer, it may be difficult to determine whether or not the Provider is executing their obligations under the Agreement. Audit rights allow the Customer, or their authorised representative, to conduct certain audits.

With the audit clause, aspects often addressed include notices of audits, the number of allowed audits, confidentiality and what happens if there is an adverse finding.

Confidentiality

Both Parties would generally want to protect such sensitive information, which, if disclosed to certain third parties, will be detrimental to their business. The confidentiality provisions provide which information must be regarded as confidential, obligations relating to handling confidential information, and what happens if there are unauthorised disclosures.

Read more on confidentiality clauses.

Limitation of liability

Unrecoverable losses and maximum liability are generally dealt with under the limitation of liability provisions. Unrecoverable losses may include, for example, consequential losses, and claims relating to breach of data protection provisions may be limited under the maximum liability amount to a fixed amount.

Read more on the limitation of liability clauses.

Warranties

The Customer and Provider will usually provide certain mutual warranties. These may include, for example, that they have the legal capacity to enter into the Agreement and that they have not offered unlawful or prohibited inducements to the other Party or any other person in connection with the Agreement.

Then there will also be warranties related to the Cloud Services that will be provided.

Typical warranties will include that no viruses will be introduced into the Cloud Services, the Cloud Services does not and will not infringe on any third party intellectual property rights, the Cloud Services will be updated as necessary to comply with applicable laws etc.

Breach of the warranties will also need to be addressed, and the disclaimers that relate to the warranties.

Read more on warranty clauses.

Indemnities

An indemnity often found in a Cloud Services Agreement is an indemnity relating to Intellectual Property infringement claims.

The indemnity provisions need to identify what will be regarded as indemnified losses (what will be covered), what will trigger the indemnity and the claims procedure.

Read more on indemnity clauses.

Disputes

How will the Parties deal with disputes? Through a Court process or alternative dispute resolution? Are there different processes for different disputes – For example, expert determination for disputes relating to technical aspects of the Cloud Services?

Read more on dispute resolution clauses.

Term and termination

The Parties may conclude the Cloud Services Agreement for a fixed term. There may also be auto-renewal of the Term, which must also be detailed within this section.

The termination provisions detail when a Party can terminate the Agreement before the Term ends and may also provide for termination assistance the Provider must provide if the Agreement is terminated.

Read more on data protection clauses.

Boilerplate provisions

The boilerplate clauses will include the provisions relating to public disclosure, third-party beneficiaries, how amendments will be dealt with, how notices under the Agreement must be provided, assignment etc.

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

The building blocks of a Professional Services Agreement

The building blocks of a Professional Services Agreement

In this article, we have a look at some of the important aspects that must be kept in mind when drafting a Professional Services Agreement

Start building

The Professional Services Agreement usually relates to a single project with defined scopes or timelines and is usually not a continuous service.

Persons with certain expertise and ability usually provide services under a Professional Services Agreement.

 

Scope of the engagement

The scope of the service is often disputed, and for this reason, providing a detailed scope is recommended. What are the deliverables? Within which timeframe must the Deliverables be provided? Must the Services be provided at a specific location?

The scope of the Agreement is often separated from all the legal terms—schedules to the Agreement, detail scope of work, timetables and payment tables.

 

Acceptance of Deliverables

What are the criteria for acceptance of the Deliverables? What if the Deliverable does not meet the acceptance criteria? These are all important aspects that must be detailed in the Agreement.

 

Fees and expenses

Are there different rates that apply to different people providing the Service? Will any expenses be reimbursed? Can the Provider add a markup on the expenses? Is prior written approval required for the expenses?

 

Personnel and non-solicitation

The people involved with providing Services under a Professional Services Agreement often have unique skills, expertise and knowledge. Therefore, if an entity is appointed under the Professional Services Agreement, it can risk losing its skilled professional to a Customer who wants to employ these individuals directly. For this reason, non-solicitation provisions are often added to a Professional Services Agreement.

Read more on Personnel and Non-Solicitation clauses.

 

Intellectual property

Generally, Services provided under a Professional Services Agreement will constitute work for hire, and all intellectual property will belong to the Customer. However, some aspects that relate to intellectual property must still be dealt with in the Agreement. For example,  how will the intellectual property that the Provider brings to the table be dealt with under the Agreement? Will a licence be provided in respect of this Intellectual Property? What are the terms of such a licence? 

Read more on building intellectual property clauses.

 

Payment

The payment provisions will detail payment terms, overdue amounts, method of payment, setoff, taxes, payment disputes etc.

Read more on building intellectual property clauses.

 

Insurance

The Provider may be required to take insurance against, for example, cyber crimes. The insurance provisions should detail the type of cover to be taken out, the amount of cover required, what happens if there is a failure to maintain cover and obligations to produce certificates confirming cover. 

 

Audit rights

For a Customer, it may be difficult to determine whether or not the Provider is executing their obligations under the Agreement. Audit rights allow the Customer, or their authorised representative, to conduct certain audits.

With the audit clause, aspects often addressed include notices of audits, the number of allowed audits, confidentiality and what happens if there is an adverse finding.

 

Confidentiality

Both Parties would generally want to protect such sensitive information, which, if disclosed to certain third parties, will be detrimental to their business. The confidentiality provisions provide which information must be regarded as confidential, obligations relating to handling confidential information, and what happens if there are unauthorised disclosures.

Read more on confidentiality clauses.

 

Limitation of liability

Unrecoverable losses and maximum liability are generally dealt with under the limitation of liability provisions. Unrecoverable losses may include, for example, consequential losses, and claims relating to breach of data protection provisions may be limited under the maximum liability amount to a fixed amount.

Read more on the limitation of liability clauses.

 

Warranties

The Customer and Provider will usually provide certain mutual warranties. These may include, for example, that they have the legal capacity to enter into the Agreement and that they have not offered unlawful or prohibited inducements to the other Party or any other person in connection with the Agreement.

Then there will also be warranties that relate to the Services that will be provided.

Typical warranties will include that the Services will be done efficiently and that people with certain skills and experience will be used to provide the Services.

Breach of the warranties will also need to be addressed, and the disclaimers which will apply will also need to be included.

Read more on warranty clauses.

 

Indemnities

An indemnity often found in a Professional Services Agreement is an indemnity relating to Intellectual Property infringement claims.

The indemnity provisions need to identify what will be regarded as indemnified losses (what will be covered), what will trigger the indemnity and the claims procedure.

Read more on indemnity clauses.

 

Disputes

How will the Parties deal with disputes? Through a Court process or alternative dispute resolution? Are there different processes for different disputes – For example, expert determination for disputes relating to the Software Deliverables?

Read more on dispute resolution clauses.

 

Term and termination

The Parties may conclude the Professional Services Agreement for a fixed term. There may also be auto-renewal of the Term, which must also be detailed within this clause.

The termination provisions detail when a Party can terminate the Agreement before the Term ends and may also provide for termination assistance the Provider must provide if the Agreement is terminated.

Read more on data protection clauses.

 

Boilerplate provisions

The boilerplate clauses will include the provisions relating to public disclosure, third-party beneficiaries, how amendments will be dealt with, how notices under the Agreement must be provided, assignment etc.

 

Categories

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

The building blocks of a Master Software Development Agreement

The building blocks of a Master Software Development Agreement

In this article, we have a look at some of the important aspects that must be kept in mind when drafting a Master Software Development Agreement

Start building

The Master Software Development Agreement provides the framework within which the Customer engages the Developer.

The Parties to the Master Software Development Agreement will also agree on Statements of Work which detail the Service that the Developer will provide.

The Master Software Development Agreement can be agreed to before any Statements of Work are concluded.

 

Scope of the engagement

The scope will typically include the general terms of engagement which may include the design, development, creation, testing, delivery, installation, configuration, integration, and customisation of the Software.

The scope may also address general support, maintenance, and training the Developer will need to provide to the Customer.

 

Contract management

For larger projects, it is important to have structures and processes in place to manage the contract effectively. 

Under contract management, change control will be dealt with – For example, how the process will work if a change to the agreed Specification is required.

The Parties may also agree to establish a Steering Committee overall supervision of each Party’s performance and the direction of the activities under this Agreement.

 

Acceptance testing

The Developer is responsible for delivering the Software Deliverables as per the Statement of Works, which may detail certain Functional and Technical Specifications. 

Testing needs to take place to ensure that the Software meets the Specifications agreed to.

The acceptance testing provisions will detail the process that must be followed after delivering a Software Deliverable, what happens if there are Non-Conformities, and what if there are repeated failures of Acceptance Tests.

 

Intellectual property

The Software created will constitute intellectual property which the Customer generally owns. However, the newly created intellectual property is usually not the only intellectual property that must be dealt with in the Master Software Development Agreement. 

To create the new intellectual property, the Developer needs to use its know-how, existing software and other intellectual property (Background Intellectual Property) to create the new intellectual property (Foreground Intellectual Property).

The Master Software Development Agreement will need to stipulate the terms of the Background Intellectual Property licence that the Developer will provide to the Customer to enable the Customer to use the Foreground Intellectual Property without any infringement.

Read more on building intellectual property clauses.

 

Payment

The payment provisions will detail payment terms, overdue amounts, method of payment, setoff, taxes, payment disputes etc.

Read more on building intellectual property clauses.

 

Insurance

The Provider may be required to take insurance against, for example, cyber crimes. The insurance provisions should detail the type of cover to be taken out, the amount of cover required, what happens if there is a failure to maintain cover and obligations to produce certificates confirming cover. 

 

Audit rights

For a Customer, it may be difficult to determine whether or not the Provider is executing their obligations under the Agreement. Audit rights allow the Customer, or their authorised representative, to conduct certain audits.

With the audit clause, aspects often addressed include notices of audits, the number of allowed audits, confidentiality and what happens if there is an adverse finding.

 

Confidentiality

Both Parties would generally want to protect such sensitive information, which, if disclosed to certain third parties, will be detrimental to their business. The confidentiality provisions provide which information must be regarded as confidential, obligations relating to handling confidential information, and what happens if there are unauthorised disclosures.

Read more on confidentiality clauses.

 

Limitation of liability

Unrecoverable losses and maximum liability are generally dealt with under the limitation of liability provisions. Unrecoverable losses may include, for example, consequential losses, and claims relating to breach of data protection provisions may be limited under the maximum liability amount to a fixed amount.

Read more on the limitation of liability clauses.

 

Warranties

The Customer and Provider will usually provide certain mutual warranties. These may include, for example, that they have the legal capacity to enter into the Agreement and that they have not offered unlawful or prohibited inducements to the other Party or any other person in connection with the Agreement.

Then there will also be warranties that relate to the Software.

Typical warranties will include that the Software will perform in conformity with the Specifications, it will not contain viruses, it will not contain any copyleft licences etc.

Breach of the warranties will also need to be addressed, and the disclaimers which will apply will also need to be included.

Read more on warranty clauses.

 

Indemnities

An indemnity that you will often find in Master Software Development Agreements is an indemnity relating to Intellectual Property infringement claims.

The indemnity provisions need to identify what will be regarded as indemnified losses (what will be covered), what will trigger the indemnity and the claims procedure.

Read more on indemnity clauses.

 

Data protection

Data protection may include data security and data privacy provisions. 

Read more on data protection clauses.

 

Disputes

How will the Parties deal with disputes? Through a Court process or alternative dispute resolution? Are there different processes for different disputes – For example, expert determination for disputes relating to the Software Deliverables?

Read more on dispute resolution clauses.

 

Term and termination

The Parties may conclude the Master Software Development Agreement for a fixed term. There may also be auto-renewal of the term, which must also be detailed within this clause.

The termination provisions detail when a Party can terminate the Agreement before the Term ends and may also provide for termination assistance that the Developer must provide if the Agreement is terminated.

Read more on data protection clauses.

 

Boilerplate provisions

The boilerplate clauses will include the provisions relating to public disclosure, third party beneficiaries, how amendments will be dealt with, how notices under the Agreement must be provided, assignment etc.

Categories

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

Building Personnel and Non-Solicitation clauses

How to build Personnel and Non-Solicitation clauses

In this article, we have a look at some of the important aspects that must be kept in mind when drafting Personnel and Non-Solicitation clauses.

Start building

What is the purpose of a Personnel clause?

When Customers contract with Providers, they may want to deal exclusively with certain Provider employees.

It may be that they have established a good relationship with these employees, or they want to ensure that these employees are always involved when it comes to a certain Project due to their skills and expertise.

Therefore, the Personnel clause’s purpose is to detail these Key Personnel’s involvement.

What is the purpose of a Non-Solicitation clause?

A Non-Solicitation clause prohibits a Party from soliciting the employment of the other Party’s Key Employees.

These Key Employees may have unique skills; usually, a Party has spent time and money to upskill these employees.

From a Provider’s perspective, you want to ensure you have the resources to provide continuity of services to all of your customers and to prevent losses related to intellectual property, confidential information, and investments made hiring and training these Key Employees.

There are situations where a Customer may seek a Non-Solicitation clause to prevent a Provider from enticing people with industry knowledge or other marketable skills to benefit the Provider.

Building blocks of Personnel and Non-Solicitation Clauses

Building blocks of Personnel and Non-Solicitation clauses.

Key Personnel

The Key Personnel clause will need to address:

  • What is the process that must be followed if there is a transfer of Key Personnel
  • The succession plan
  • Key personnel working on competitor accounts
  • And can the Customer decide to remove Key Personnel from their account 

Data security training

Often human mistakes are the cause of data breaches.
For this reason, a Customer may want to ensure that the Personnel working their account that may have access to sensitive and confidential information regularly undergo data security training.

Personal checks & other requirements

A Customer that depends on a Provider to assist with especially Services of a financial nature may want to ensure that background checks be concluded on all Personnel working on their accounts.

Furthermore, depending on the transaction and Services to be provided, a Customer may want only to pay the agreed rates if they work with Personnel who must have certain qualifications or experience.

Key Employee definition

A wider definition of Key Employees may provide additional protection to the Provider. However, being more precise with your definition of Key Employees and referencing only Employees involved with the Services may increase the probability that a Court will enforce the provisions.

Here is an example of a definition for Key Employees:

any director, officer or senior employee in a key capacity of a Party or an Affiliate of it and any of their employees in a key position with regard to the performance of the obligations under the Agreement, at any time until completion of such obligations.

Non-Solicitation period

How long after the Agreement comes to end will the non-solicitation provisions still apply?

Industry practice may be a guide. But there is however no specific period that is regarded fair and reasonable. 

 

Damages

Parties may want to agree liquidated damages if there is a breach of the Non-Solicitation provision. For example, a percentage of the annual cost to company may be used or a fixed amount can also be agreed to.

Example clause

1.           PERSONNEL

1.1        Key personnel:  The following individuals are designated to the following positions as at the Start Date and must dedicate the below percentage of their time to the provision of the Services at the specified location:

Position

Name of individual

Percentage of time to be dedicated

Place of service

 

 

 

 

 

 

 

 

1.2        Transfer of key personnel:  A person holding a key position may not be transferred or re-assigned to other positions until a suitable replacement has been approved by the Customer.

1.3        Succession plan:  The Provider must establish and maintain an up-to-date succession plan for the replacement of individuals serving in key positions that shall be reviewed with the Customer on a regular basis.

1.4        Assignment of key personnel to competitor account:  For so long as an individual is assigned to a key position, and for 12 months thereafter, the Provider shall not assign such individual to perform services for the benefit of any competitor of the Customer.

1.5        Removal of key personnel:  At any time, and in Customer’s sole discretion, the Customer has the right to require that any individual assigned to a key position be removed from such position and replaced with another individual approved by the Customer.

1.6        Data security training:  The Provider must, at its cost, ensure that its personnel, on hiring and at least once a year afterwards, participate in data security awareness training, including at a minimum, Customer’s data security policies, including acceptable use, password protection, data classification, incident and breach reporting, the repercussions of violations, and overviews of applicable laws and regulations.

1.7        Personnel checks:  To the extent permitted by law and after obtaining the applicable consents from the affected personnel, before assigning any personnel to provide Services under this agreement the Provider must:

(a)          complete background checks on all these personnel, and

(b)          on the Customer's reasonable request, update any of these checks.

1.8        Contact information:  On or before the Effective Date, the Provider shall submit a list of contact names and telephone numbers to the Customer of its personnel and stand-by personnel.

2.           NON-SOLICITATION OF KEY EMPLOYEES

2.1        Non-solicitation:  During the Term of the Agreement, and for 12 months after the Agreement comes to an end, no Party may directly or indirectly solicit the other Party’s Key Employees.

2.2        Exclusions:  A Party will not be in breach of the above non-solicitation provisions if they hire or employ, or have hiring or employment discussions with any person:

(a)          who is not then employed by that other Party;

(b)          who contacts them without any solicitation by them; or

(c)          who responds to general solicitation for employment placed by them or their agents in newspapers, journals, the internet, recruiters, or any media.

2.3        Damages:  Should a Party breach the above non-solicitation provision, the soliciting Party, must pay to the non-soliciting Party within days of receipt of notice to that effect, the sum equal to 40% of the annual total cost to company of the relevant Key Employee.

2.4        Acknowledgement of pre-estimated damages:  The Parties agree that such damages contemplated above constitute pre-estimated damages to be suffered by the non-soliciting Party due to the breach of the non-solicitation provisions.

2.5        Survival:  The provisions of this Article – NON SOLICITATION OF KEY EMPLOYEES will survive the termination, expiration or cancellation of this Agreement.

Categories

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

Building an intellectual property clause

How to build an intellectual property clause

In this article, we have a look at some of the important aspects that must be kept in mind when drafting Personnel and Non-Solicitation clauses.

Start building

Most disputed terms WCC ranking: 

19

Most important terms WCC ranking: 

16

Most negotiated terms WCC ranking: 

12

What is the purpose of an Intellectual Property clause in a services agreement?

The Intellectual Property clause determines which Party owns which intellectual property that will be used or created during the Agreement. The Intellectual Property clause may also provide for various obligations in respect the intellectual property, for example, an obligation to assist with the registration of intellectual property.

What is Background IPR

A provider may have to bring a couple of things to the table to perform the service. For example, the provider’s know-how, their systems and technology. The provider may have certain intellectual property rights in respect of the know-how, systems and technology. These rights are referred to as the Background Intellectual Property Rights (Background IPR).

What is Foreground IPR

Foreground Intellectual Property Rights (Foreground IPR), are intellectual property rights that arise due to the activity conducted under the Agreement.

Building blocks of an Intellectual Property Clause

building blocks of an intellectual property clause

What is Background IPR

The devil is in the details when it comes to definitions.

Usually, Intellectual Property Rights is defined separately from Background IPR, and you should therefore start with the definition of Intellectual Property Rights.

The Intellectual Property Rights definition may also contain various embedded defined terms. For example, Know-How, Patents etc. 

Here are examples of definitions that you may need when building your Intellectual Property clause:

Backround IPR means, by reference to a Party, all Intellectual Property Rights, excluding Foreground IPR, owned by such Party or any of its Affiliates, or licensed or made available by a third party to such Party and under which such Party is authorised to grant licenses.

Intellectual Property Rights means unpatented inventions, Patents, trademarks, service marks, trade names, domain names, copyrights (including rights in software), moral rights, rights in designs, Know-How, database rights, topography rights, mask work rights, utility models and all other intellectual property rights and forms of protection of a similar nature, licences to such rights, in each case whether registered or pending registration, and rights to apply for any such rights.

Know-How means all knowledge, drawings, specifications, samples, models, instructions, algorithms, working methods, ideas, concepts, technology, applied development engineering data, reports, notes and all other technical or commercial information, data and documents of any kind.

Patent means all patents and patent applications in any jurisdiction in the world, including any divisional, continuation, continuation-in-part, reissue, renewal, re-examination or extension thereof.

Retention of ownership

Ownership of the Background IPR will usually be retained by the respective Parties.

Some of the Background IPR (for example, Know-How), will be used to create Foreground IPR. For this reason, a licence is required in respect of the Background IPR. Who provides the licence will depend on the circumstances. Generally, both Parties will be making available Background IPR for the project, and therefore, both Parties licence their Background IPR. 

Licence in respect of Background IPR

Generally, a “project licence” is provided in terms of which each Party licences their Background IPR to the other for purposes of and to the extent required to perform their obligations under the Agreement. Without such a licence, an infringement question may arise.

It may happen that some of the Background IP will be used to create the Foreground IP. If this is the case, you want to be clear on the terms of the Background IPR licence. In other words, you want to expressly stipulate the scope of the Background IPR licence.

You will need to consider:

  • To whom is the Background IPR licenced (does it include Affiliates)?
  • What can the licensee do under the licence? Modify, distribute, sell create derivative works etc?
  • Are there any restrictions? For example, restrictions relating to territory, field of use, external use etc.
  • What about assignment and sub-licensing?

If you are acting for the customer, the typical licence you would require in this regard is a worldwide, no-charge, royalty-free, perpetual, irrevocable, exclusive, sublicensable licence.

What is Foreground IPR

Basically, anything that is created as a result of the activities conducted under the Agreement.

Here is an example definition:

Foreground IPR means all Intellectual Property Rights that arise as a result of or in the context of any activity pursuant to this Agreement.

Who owns the Foreground IPR

Most of the time the Foreground IPR will be owned by the Customer paying for the work. There are situations where the Provider would want to own the Foreground IPR. If this is the case, the Provider will need to provide a licence to the Customer to enable them to use the Foreground IPR.

 

Licence and obligations

When the Provider is providing a licence in respect of the Foreground IPR to the Customer, You will need to consider:

  • To whom is the Foreground IPR licenced (does it include Affiliates)?
  • What can the licensee do under the licence? Modify, distribute, sell create derivative works etc?
  • Are there any restrictions? For example, restrictions relating to territory, field of use, external use etc.
  • What about assignment and sub-licensing?

If you are acting for the Customer, the typical licence you would require in this regard is a worldwide, no-charge, royalty-free, perpetual, irrevocable, exclusive, sublicensable licence with scope that is as close as possible to “ownership”.

The general obligations relating to licencing must also be included, for example, that the Customer must assist with the registration of any Foreground IPR. And also, specifically, provide who needs to pay the fees and costs relating to the imposed obligations.

Non-asserts

If the Foreground IPR will be owned by the Provider, the Provider may want to make use of a non-assertation clause which will mean that the Customer cannot seek to enforce any Intellectual Property Rights it may have against the Provider in respect of the Foreground IPR.

Waiver of moral rights

Certain Intellectual Property Rights cannot be assigned and if you, as Provider, don’t want a situation where objections arise that relate to certain creative works, inserting a waiver of moral rights must be considered.

Example clauses

Customer friendly

1.           INTELLECTUAL PROPERTY

1.1         Background IPR:  Each Party retains ownership of their Background IPR and Intellectual Property developed outside the scope of this Agreement.

1.2         Background IPR Licence grant:  The Provider hereby grants to the Customer a irrevocable, non-exclusive, worldwide, no-charge, royalty-free, perpetual, sublicensable licence in respect of the Background IPR, under the following terms:

(a)         The Provider can create derivative works, display, or perform in any media and through any technology or other means of delivery, whether now known or developed in the future, distribute, sell, offer to sell, import, to make, or have made, to modify, to reproduce, to use externally, and to use internally the Background IPR for purposes of performing their obligations under this Agreement.

(b)         The Background IPR is also licenced to the Affiliates Customer.

(c)         The licence under Section 6.2 will survive termination of this Agreement.

1.3         Foreground IPR:  The Customer will exclusively own all Foreground IPR and the Provider hereby assigns all Foreground IPR to the Customer.

1.4         Obligations relating to Foreground IPR:  The Provider must:

(a)         assist in obtaining, registering, perfecting and enforcing all Foreground IPR; and

(b)         deliver all Foreground IPR.

1.5         Fees and costs:  The Customer must pay all fees and costs to register and protect the Foreground IPR.

Proivder friendly

1.           INTELLECTUAL PROPERTY

1.1         Background IPR:  Each Party retains ownership of their Background IPR and Intellectual Property developed outside the scope of this Agreement.

1.2         Background IPR Licence grant:  The Customer hereby grants to the Customer a irrevocable, non-exclusive, worldwide, no-charge, royalty-free, non-transferable, sublicensable licence in respect of their Background IPR, under the following terms:

(a)         The Provider can create derivative works, display, or perform in any media and through any technology or other means of delivery, whether now known or developed in the future, make, or have made, modify, reproduce, use externally, and use internally the Background IPR for purposes of performing their obligations under this Agreement.

(b)         The Background IPR is also licenced to the Affiliates Provider.

1.3         Ownership of Foreground IPR:  The Provider will exclusively own all Foreground IPR and the Customer hereby assigns all Foreground IPR to the Provider.

1.4         Licence:  Upon Customer’s payment of fees due under the Agreement the Provider grants the Customer an irrevocable, non-exclusive, worldwide, no-charge, royalty-free, perpetual, sublicensable licence in respect of the Foreground IPR, under the following terms:

(a)         The Customer can create derivative works, display, or perform in any media and through any technology or other means of delivery, whether now known or developed in the future, make, or have made, modify, reproduce, use externally, and use internally the Foreground IPR.

(b)         The licence in Section 1.4 will survive termination of this Agreement.

1.5         Obligations:  The Customer must:

(a)         assist in obtaining, registering, perfecting and enforcing all Foreground IPR; and

(b)         deliver all Foreground IPR.

1.6         Fees and costs:  The Provider must pay all fees and costs to register and protect the Foreground IPR.

1.7         Non-assertion and disclosure:  The Customer must not:

(a)         at any time allege the invalidity or otherwise take or permit to be taken any action affecting the validity or enforceability of any Intellectual Property Right obtained, applied for or to be applied for by the Provider; or

(b)         disclose or publish the subject matter of any inventions which may be patentable before the Provider has applied for any patent registration.

1.8         Moral rights:  To the extent permitted under the applicable laws, the Customer hereby waives all moral rights arising from or relating to Intellectual Property Rights created by or in collaboration with the Customer for the benefit of the Provider and all the Provider’s licensees and successors-in-title to the Intellectual Property Rights.

Recent Posts
Categories

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

Building data privacy and data security clauses

How to build a data protection clause

In this article, we have a look at some of the important aspects that must be kept in mind when drafting data privacy and data protection provisions.

Start building

Most disputed terms WCC ranking: 

Data privacy: 28

Data security: 26

Most important terms WCC ranking: 

Data privacy: 8

Data security: 7

Most negotiated terms WCC ranking: 

Data privacy: 17

Data security: 19

What is a Data Privacy clause?

Data Privacy clauses will generally deal with the way in which data (usually Personal Information) must be handled.

What is a Data Security clause?

Data Security clauses usually provide what the Provider must do to protect the Protected Data against unauthorised third-party access and malicious attacks.

What is a Data Protection clause then?

Data protection clauses are in a way a combination of data privacy and data protection clauses.

Building blocks of Data Privacy and Data Security clauses

building blocks of data privacy and data security provisions

What is Protected Data?

Defining Protected Data is important to ensuring balanced and fair data privacy and security provisions.

Generally, Protected Data will be personal information as defined by applicable data privacy and security laws. The aforementioned, however, does not mean that the definition of Protected Data should be limited to Personal Information. The Customer may want a much broader definition of Protected Data that includes all the data that the Customer provides to the Provider. For example:

Protected Data means all information processed or stored through the System by Customer or on Customer’s behalf, and includes, without limitation, information provided by Customer’s customers, employees, and other users and by other third parties, other information generated through use of the System by or on Customer’s behalf, and copies of all such information rendered onto paper or other non-electronic media.

If you are the Provider, you want to use a narrow definition and may even consider carving out certain types of data from the definition. For example:

Excluded Data means personal tax numbers, financial account data, and credit card and other payment card numbers;

Protected Data means personal information as contemplated under applicable data privacy and security laws, but specifically excludes Excluded Data;

If you are the Provider, you don’t want a situation where there is a Data Incident and, for example, credit card data is exposed and there was no need for you in the first place to process any such credit card data. 

If you follow the approach where certain data is excluded, make sure that a warranty is included in the Data Protection Schedule where the Customer warrants that they will not provide any Excluded Data to the Provider.

It may be that you want Protected Data to be regarded as Confidential Information. If you decide to go this route make sure that you address the situation where there is a conflict between the Data Protection Schedule and the confidentiality provisions.

Handling of Protected Data - Authorised Persons

A narrow definition of Authorised Persons may favour the Customer. On the other hand, the Provider would want to make sure the definition of Authorised Persons is wide enough to include sub-contractors so that there is no need to obtain written approvals for each sub-contractor.

Authorised Persons should, however, be limited to people who need to handle the data to fulfil the Provider’s obligations under the Agreement.

Handling of Protected Data - Aggregated and anonymised data

A Provider may want to use the Protected Data for its own purposes. Generally, if the Provider wants to use the Protected Data, it needs to be anonymised first. If you are the Customer, you would want to make sure that if the Protected Data is anonymised, such a process must and cannot be reversed.

Handling of Protected Data - Personal Information requests

Privacy legislation generally provides certain rights to data subjects when it comes to their Personal Information. For example, the “right to know,” delete, or the “right to be forgotten”. As a Customer, you may want to impose certain obligations on the Provider if a personal information request is directed at the Provider.

Access, location and deletion of Protected Data

If you are the Customer, you want to control the access, location and deletion of Protected Data.

Data privacy laws may determine certain requirements if Protected Data is moved cross-border. As a Customer, you do not want to be exposed to a situation where Protected Data is moved cross-border to a jurisdiction with less stringent data privacy and data security laws than those applicable within the current jurisdiction.

As a Customer, you can also consider specifying certain data centres within the current jurisdiction where data can be stored.

As Provider, the commercials of the transaction must be kept in mind when considering access, location and deletion of Protected Data. It may be useful to reserve a right to charge fees and costs for time spent assisting the Customer with providing access, deleting and moving Protected Data.  

Data security audits & certifications

Generally, the two standards that will be considered will be ISO 27001 and SOC 2.

A difference between ISO 27001 and SOC 2 is that SOC 2 is not a certification. If you pass the ISO 27001 requirements, then your business is ISO 27001 certified. However, in the case of SOC 2, the auditor issues a formal report, confirming whether or not you met the relevant criteria. 

ISO 27001 is a common European procurement requirement and is internationally recognized as the highest standard in information security. In the US market, many Customers will want the reassurance that the Provider is SOC 2 compliant.

Minimum safeguards

If you acting for the Customer, especially in the situation where the Provider is not required to produce an ISO 27001 certificate or an SOC2 report, you want to place certain contractual obligations on the Provider regarding data security.

Or, if there is a requirement that the Provider produces a ISO 27001 certificate or an SOC2 report, there are situations where the Customer may require further measures to be put in place that goes beyond what is required under ISO 27001/ SOC2.

Data incidents & deletion of data

Data Incidents

When considering provisions relating to Data Incidents, the definition of a Data Incident is a good point of departure.

Generally, Data Incidents include the unauthorised disclosure of, access to, or use of Protected Data

As Provider, you may want to consider narrowing the above broad and general definition to more specific scenarios where, for example, an unauthorised third-party obtains and threatens the distributions of Protected Data.

The obligations placed on the Provider relating to Data Incidents require detailed consideration. Examples of these obligations include:

  • Notifying the Customer
  • Cooperation with law enforcement
  • Assistance with notifying third parties whose data may have been exposed

 

Most of these obligations are generally aimed at damage control. However, a Customer may want to add obligations that require compensation, in some form, as a result of the Data Incident. 

As a Customer, you want to be in control of whatever happens after the occurrence of a Data Incident. As Provider, you do not want to be subjected to obligations that will be detrimental to your business financially.

 

Deletion of data

As a Customer, you want to have certain rights regarding the deletion of Protected Data.

Making sure that erasure leaves no data readable, decipherable, or recoverable may be expensive. Therefore, as Provider, you may want to consider adding provisions that the data deletion will be done using commercially feasible methods.

Data protection indemnity

The remedies and relief for breach of the Data Protection Schedule or the Data Protection Laws are usually addressed by an indemnity (see How to build an indemnity clause).

Breach & equitable relief

A Customer may also want to include a provision stipulating that a breach of the Data Protection Schedule will be deemed material with the hope that this will help them terminate the Agreement for cause if there is a breach.

Example schedule

Customer friendly

SCHEDULE – DATA PROTECTION

 

1.1.       Handling of Protected Data: 

(a)          Standard of care:  The Provider must keep and maintain all Protected Data in strict confidence, using such degree of care as is appropriate to avoid unauthorised access, use or disclosure.

(b)          Usage of Protected Data:  The Provider must use and disclose Protected Data solely and exclusively for the purposes for which the Protected Data, or access to it, is provided pursuant to the terms and conditions of the Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Protected Data for the Customer’s own purposes or for the benefit of anyone other than the Customer, in each case, without Customer’s prior written consent.

(c)          Disclosure:  The Provider must not, directly or indirectly, disclose Protected Data to any person other than Authorised Persons, without express written consent from the Customer, unless and to the extent required by government authorities or as otherwise, to the extent expressly required, by applicable law, in which case, the Provider must use reasonable efforts to notify the Customer before such disclosure or as soon thereafter as reasonably possible.

(d)          Responsibility for Authorised Persons:  The Provider is responsible for and remain liable to the Customer for the actions and omissions of such Authorised Persons concerning the treatment of such Protected Data as if they were the Provider’s own actions and omissions.

(e)          Written undertaking required from Authorised Persons:  The Provider must require the Authorised Persons that has access to Protected Data to execute a written undertaking to comply with this Schedule.

1.2.       Confidential information:  All Protected Data provided by the Customer to the Provider or to which the Provider may be exposed or acquire in terms of this Agreement, constitutes Confidential Information.

1.3.       Conflicts:  If there is a conflict or inconsistency between this Schedule and the confidentiality within the main body of the Agreement, the terms in this Schedule governs and controls.

1.4.       Cross border transfer:  The Provider must not transfer Protected Data (or allow Authorised Persons to transfer Protected Data) outside Republic of South Africa unless it receives the Customer’s prior written consent.

1.5.       Additional charges:  The Provider may charge additional fees at their standard rates for activities required by the Customer to assist them to comply with Data Protection Laws.

1.6.       Access rights:  The Customer may access and copy any Protected Data in the Provider’s possession or control at any time and the Provider:

(a)          must provide reasonable assistance to the Customer to access and copy the Protected Data.

(b)          may charge their reasonable then-standard fees for any assistance provided under 1.6.

1.7.       Protected data requests:  If the Provider receives a consumer “right to know,” deletion, “right to be forgotten,” or similar request related to Protected Data within Protected Data (the “Consumer Requests”), the Provider must not reply without the Customers written authorisation and shall, at the Customer’s expense, comply with the Customer’s reasonable written instructions for Consumer Requests (if any), subject to Data Protection Laws.

1.8.       Audits and certifications: 

(a)          The Provider must maintain annually updated reports and certifications (as may be applicable) of compliance with the following:

(i)           ISO 27001;

(ii)          SOC 2 Type II; and

(iii)         PCI Level 2.

(b)          The Provider must:

(i)           provide the Customer a copy of the most current certifications and reports (as may be applicable) within 30 days of request and thereafter annually within 30 days of completion of thereof; and

(ii)          if there are any deficiencies identified or changes suggested relating to the provisions of the Services under the Agreement, the Provider must exercise reasonable efforts to promptly address such deficiencies and changes.

(c)          Notwithstanding anything in this Schedule, the Provider is not required to permit any audit that may compromise the security of the Provider’ other customers’ data.

(d)          Any report provided under this Schedule must be regarded as confidential information.

1.9.       Inspections: 

(a)          If requested by the Customer, the Provider must permit inspection and security review by the Customer of systems processing Protected Data and on the Provider’s policies and procedures relating to data security.

(b)          The Customer may request an inspection contemplated in 1.9, every half-yearly starting from the date that this Agreement becomes effective.

(c)          Notwithstanding anything in this Schedule, the Provider is not required to permit any inspection that may compromise the security of the Provider’ other customers’ data.

1.10.    Data Incidents:  If there is a Data Incident, or if Provider suspects a Data Incident, the Provider must:

(a)          promptly, and in any case within 24 hours, give notification by telephone, in person, or by other real-time, in-person communication;

(b)          cooperate with law enforcement agencies, where applicable, to investigate and resolve the Data Incident;

(c)          provide reasonable assistance in notifying applicable third parties;

(d)          comply with applicable laws governing data breach notification and response;

(e)          if the Data Incident results from their breach of this Agreement or negligent or unauthorised act or omission of an Authorised Person, compensate the other Party for any reasonable expense related to notification of consumers;

(f)           give the other Party prompt access to such records related to a Data Incident as may reasonably be requested (such records will be regarded as confidential information and there will be no obligation to provide access to records that might compromise the security of the other customers); and

(g)          provide the name and contact information for an employee who shall serve as primary security contact and must be available to assist 24 hours per day,  7 days per week as a contact in resolving obligations associated with a Data Incident.

1.11.    Third-parties and Data Incidents: 

(a)          The Provider must not inform any third party of any Data Incident without first obtaining the Customer’s prior written consent, other than to inform a complainant that the matter has been forwarded to the Customer’s legal counsel. The Customer has the sole right to determine:

(i)           whether notice of the Data Incident is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in the Customer’s discretion; and

(ii)          the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.

(b)          The Provider must reasonably cooperate at its own expense with the Customer in any litigation or other formal action deemed reasonably necessary by the Customer to protect their rights relating to the use, disclosure, protection and maintenance of Protected Data.

(c)          If there is a Data Incident, the Provider must use their reasonable efforts to prevent a recurrence of any such Data Incident.

(d)          Nothing in this Schedule limits other rights or remedies of the Customer, if any, resulting from a Data Incident.

1.12.    Deletion of Protected Date:  Except as required by Data Protection Laws or authorised pursuant to a data deletion policy accepted in writing by each party, the Provider must not erase Protected Data or any copy thereof without the Customer’s prior written consent. The Provider must:

(a)          on request promptly erase all Protected Data from all systems under Provider’s control and direct and ensure erasure by any and all of its subcontractors that have access to Protected Data;

(b)          within 30 days of termination of this Agreement, erase all Protected Data in Provider’s possession or control, including without limitation in the possession or control of its subcontractors;

(c)          after erasure leave no data readable, decipherable, or recoverable on its computers or other media or those of its subcontractors, using the best erasure methods commercially feasible; and

(d)          promptly after any erasure of Protected Data or any part of it, certify such erasure.

1.13.    Minimum safeguards:  In addition to any other safeguards contemplated in this Schedule, the Provider must ensure at minimum that that:

(a)          their Personnel each have a unique user ID assigned to them, subject to strict confidentiality undertakings in terms of a password and confidentiality policy;

(b)          there are passwords required for any access to Data in line with its password policy;

(c)          its operating systems are secure and that the security settings in respect thereof are aligned with good industry practice;

(d)          its administrator accounts (and records of usage in relation thereto) are stored securely and can be accessed in the event of any service restoration or fault determination;

(e)          access to Data be limited to Personnel on a “need to know” basis, which Personal shall strictly utilise their unique user ID and applicable passwords to access same (the access to such Data shall be subject to a two-step authorisation/authentication process);

(f)           all Data is backed-up regularly, and to ensure that back up testing is conducted regularly in order to ensure that Data can be recovered in the event that such Data is lost, damaged or destroyed;

(g)          its environment has comprehensive malware protection software employed, which software is specifically designed to protect against the most recent malware infections;

(h)          frequent vulnerability scanning is conducted in order to assess whether any computers, networks or applications have any vulnerabilities to cyber-attacks; and

(i)           all designated networks, employ intrusion detection systems and intrusion prevention systems, and record any security incidents.

1.14.    IT network infrastructure diagram:  Upon the Customer’s written request, the Customer must provide the Customer with a network diagram that outlines the Provider’s information technology network infrastructure and all equipment used in relation to fulfilling of its obligations under the Agreement, including:

(a)          connectivity to the Customer’s and all third parties who may access the Provider’s network to the extent the network contains Protected Data;

(b)          all network connections including remote access services and wireless connectivity;

(c)          all access control devices (for example, firewall, packet filters, intrusion detection and access-list routers);

(d)          all back-up or redundant servers; and

(e)          permitted access through each network connection.

1.15.    Material breach:  Any breach of the obligations under this Schedule, is deemed a material breach of the Agreement.

1.16.    Equitable relief: 

(a)          The Provider acknowledges that:

(i)           no adequate remedy exists at law if it fails to perform or breaches any of its obligations under this Schedule;

(ii)          it would be difficult to determine the damages resulting from a breach of this Schedule, and such breach would cause irreparable harm to the Customer; and

(iii)         a grant of injunctive relief provides the best remedy for any such breach, without any requirement that the Customer prove actual damage or post a bond or other security.

(b)          To the extent permitted under Data Protection Laws, the Provider waives any opposition to such injunctive relief contemplated in Section 1.16 or any right to such proof, bond, or other security.

(c)          The Provider’s obligations in this Schedule apply likewise to the Provider’s successors, including without limitation to any trustee in bankruptcy.

 

Provider friendly

SCHEDULE – DATA PROTECTION

 

1.1.       Handling of Protected Data: 

(a)          Standard of care:  The Provider must keep and maintain all Protected Data in strict confidence, using such degree of care as is appropriate to avoid unauthorised access, use or disclosure.

(b)          Usage of Protected Data:  The Provider must use and disclose Protected Data solely and exclusively for the purposes for which the Protected Data, or access to it, is provided pursuant to the terms and conditions of the Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Protected Data for the Customer’s own purposes or for the benefit of anyone other than the Customer, in each case, without Customer’s prior written consent.

(c)          Disclosure:  The Provider must not, directly or indirectly, disclose Protected Data to any person other than Authorised Persons, without express written consent from the Customer, unless and to the extent required by government authorities or as otherwise, to the extent expressly required, by applicable law, in which case, the Provider must use reasonable efforts to notify the Customer before such disclosure or as soon thereafter as reasonably possible.

(d)          Responsibility for Authorised Persons:  The Provider is responsible for and remain liable to the Customer for the actions and omissions of such Authorised Persons concerning the treatment of such Protected Data as if they were the Provider’s own actions and omissions.

(e)          Written undertaking required from Authorised Persons:  The Provider must require the Authorised Persons that has access to Protected Data to execute a written undertaking to comply with this Schedule.

1.2.       Additional charges:  The Provider may charge additional fees at their standard rates for activities required by the Customer to assist them to comply with Data Protection Laws.

1.3.       Aggregated and anonymized data:  The Customer hereby authorises the Provider to:

(a)          Anonymize Customer Data and to combine it with data from other customers into a new aggregate dataset; and

(b)          use such Anonymized Customer Data as a component of such new aggregate dataset for any legal business purpose, including without limitation for distribution to third-parties.

1.4.       Minimum safeguards:  In addition to any other safeguards contemplated in this Schedule, the Provider must ensure at minimum that that:

(a)          their Personnel each have a unique user ID assigned to them, subject to strict confidentiality undertakings in terms of a password and confidentiality policy;

(b)          there are passwords required for any access to Data in line with its password policy;

(c)          its operating systems are secure and that the security settings in respect thereof are aligned with good industry practice;

(d)          its administrator accounts (and records of usage in relation thereto) are stored securely and can be accessed in the event of any service restoration or fault determination;

(e)          access to Data be limited to Personnel on a “need to know” basis, which Personal shall strictly utilise their unique user ID and applicable passwords to access same (the access to such Data shall be subject to a two-step authorisation/authentication process);

(f)           all Data is backed-up regularly, and to ensure that back up testing is conducted regularly in order to ensure that Data can be recovered in the event that such Data is lost, damaged or destroyed;

(g)          its environment has comprehensive malware protection software employed, which software is specifically designed to protect against the most recent malware infections;

(h)          frequent vulnerability scanning is conducted in order to assess whether any computers, networks or applications have any vulnerabilities to cyber-attacks; and

(i)           all designated networks, employ intrusion detection systems and intrusion prevention systems, and record any security incidents.

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

Building a software licence clause

How to build a software licence clause

In this article, we have a look at some of the important aspects that must be kept in mind when drafting a software licence clause.

Start building

What is a Software licence?

To understand a Software licence, you must have a basic understanding of copyright law and what Software is.

In practice, Software can take different forms. These different forms are usually referred to as object code and source code.

You appoint a software developer to write the “code” for your app. The software developer will use a programming language, for example, PHP, JavaScript etc., to “code” your app, website, system etc. This code that your software developer writes is the source code.

Through a compiler, the source code is then turned into object code and then into a file that a machine can execute. The object code is the code required to run the Software. So, for example, when you download MS Word, you are downloading a copy of the file containing the object code that your computer requires to install and run MS Word.

Generally, with proprietary licences, you will be licencing the object code. Copyright law now comes into play. As the Software owner, you have certain exclusive rights related to the Software.
These exclusive rights can be made available (licenced) to third parties. Examples of these rights include copying, reproducing, modifying, and distributing the Software.

Building blocks of a propriatary Software licence

building blocks of a software licence clause

Licenced rights

Because a Software licence is a copyright licence, the rights licenced under the Software Licence will be the usual copyright rights recognised within the applicable jurisdiction – For example, the right to use, copy and reproduce, modify or create derivative works, or distribute the Software.

Additional aspects that need to be considered in respect of the licenced rights are:

To whom is the licence provided

Generally, the licence is provided to the Licensee; however, there are situations where the licence must be provided to the Licensee at their Affiliates (usually a defined term).

Exclusivity

If the licence is provided on an exclusive basis, the Licensor will only be able to licence the Software to the Licensee and no one else.

If the licence is exclusive, consider if the exclusivity relates to a specific Territory or Industry.

With a non-exclusive licence, the Licensor can licence the Software to other third parties on a non-exclusive basis.

Revocability

As the Provider, you want to provide a revocable licence that can be revoked if the Customer breaches the Agreement.

The duration of the licence

Licences can be for a fixed period or perpetual.

The purpose of licence

As the Provider, you want to be clear on the purpose of the licence. The main reason is to ensure the Customer doesn’t exploit the licence in such a way that can be to your detriment. Most of the time, with a proprietary licence, the Customer is only allowed to use the licence for internal business purposes.

Updates

Software is released in versions, and as the Provider, you would generally want to ensure the Customer is running the latest version of the Software to assist with support and maintenance.

The definition of Updates is an important aspect to consider.

Do Updates include releases of the new versions with additional features? Or are Updates limited to bug fixes and general updates? As a Provider and part of your IP commercialisation strategy, you want to be clear on what the Customer will be entitled to when new software releases become available.

You may also consider separating the Term of the Agreement (the licence term) and the term for software Updates (support and maintenance term).

Limitations

As a Provider, you want to commercialise your IP: limiting copies, installations, users etc., allows you to provide different pricing structures for Customers of different sizes.

If you are looking at providing an enterprise licence, you may also consider limiting the licence to specific sites or concurrent users.

Restrictions

So, what is not allowed?

The usual suspects include:

  • Sublicensing the Software or exploiting the Software in a way that is to the detriment of the Provider
  • Making use of the source code or trying to gain access to the source code
  • Using the Software to provide a Software-as-a-Service solution

 

However, the restrictions do not have to be limited to the above. Each business is unique, and a transaction may require additional restrictions (or exceptions to the above restrictions).

Fees

Be clear on the fees payable regarding the licence. If the licence is a perpetual, no charge, royalty-free licence. Specifically, stipulate this.

There is no one way in which licence fees work. Licence fees can be linked to a variable (for example, a % of turnover) or a fixed annual fee. It all depends on the transaction and what the Parties require.

Obligations of the Customer

Placing express obligations on the Customer to do or not do something may be beneficial to the Provider when enforcing rights under the Agreement or claiming damages for breach of contract.

The obligations generally imposed include the Customer’s obligation to: 

  • ensure the Software and the Documentation are protected at all times from misuse, damage, destruction or any form of unauthorised use, copying or disclosure
  • maintain all proprietary notices on the Software and the Documentation
  • not transfer, assign or otherwise deal with or grant a security interest in the Software, the Documentation or the Provider’s rights under the Agreement

 

As Provider, you may also want to consider including obligations that may assist you as Provider in exercising your rights; for example, the Customer must:

  • not challenge the Provider’s ownership, or the validity, of the Software, the Documentation or any other item or material created or developed by or on behalf of the Provider under or in connection with the Agreement (including the Intellectual Property Rights in those items)
  • notify the Provider in writing immediately after it becomes aware of any circumstance which may suggest that any person may have unauthorised knowledge, possession or use of the Software or the Documentation

Example clauses

Provider friendly

1.           SOFTWARE LICENCE

1.1        Software Licence grant:  Subject to any limitation or restrictions as per this Agreement, and subject to the payment of the fees under this Agreement, the Provider hereby grants to the Customer a non-exclusive, revocable, worldwide, licence in respect of the Software and Documentation during the Term with the right to use, copy and reproduce the Software and the Documentation as provided for in the Agreement for internal business purposes.

1.2        Copies:  The Customer can reproduce and use such number of copies as are necessary for Customer’s business operations.

1.3        Concurrent Users:  The maximum number of Concurrent Users that may use the Software at any given time is 50.

1.4        Restrictions:  Unless otherwise stipulated in the Agreement, the Customer must not, and must not permit any third party, to:

(a)          sublicense, lease, rent, loan, disclose or otherwise make available the Software and Documentation;

(b)          access, read, analyse or otherwise use any part of the Source Code;

(c)          use the Software for service bureau or time-sharing purposes and allow third parties to exploit the Software, including without limitation as software-as-a-service;

(d)          reverse assemble, decompile, disassemble or otherwise attempt to derive Source Code or the algorithmic nature of the Software;

(e)          otherwise produce its own version of the Software (without copying the Source Code thereof); and

(f)           remove or circumvent any protection of the Software.

1.5        Delivery:  The Provider must provide the Software and Documentation to the Customer, through a system of electronic download on the Effective Date.

1.6        No other rights or licences:  Other than the licence and rights under this Agreement, no rights or licences are granted or implied, under any intellectual property rights of the Provider or any intellectual property in the Software or the Documentation.

1.7        Customer obligations:  The Customer must:

(a)          ensure the Software and the Documentation are protected at all times from misuse, damage, destruction or any form of unauthorised use, copying or disclosure;

(b)          maintain all proprietary notices on the Software and the Documentation;

(c)          not transfer, assign or otherwise deal with or grant a security interest in the Software, the Documentation or the Provider’s rights under the Agreement;

(d)          not challenge the Provider’s ownership, or the validity, of the Software, the Documentation or any other item or material created or developed by or on behalf of the Provider under or in connection with the Agreement (including the Intellectual Property Rights in those items); and

(e)          notify the Provider in writing immediately after it becomes aware of any circumstance which may suggest that any person may have unauthorised knowledge, possession or use of the Software or the Documentation.

1.8        Users:  The Customer is responsible and liable for the acts and omissions of Users related to this Agreement and to the products and services provided pursuant to this Agreement, as if they were Customer’s own acts and omissions.

Customer friendly

1.           SOFTWARE LICENCE

1.1        Software Licence grant:  Subject to any limitation or restrictions as per this Agreement, the Provider hereby grants to the Customer, and their Affiliates, a exclusive, irrevocable, worldwide, perpetual, licence in respect of the Software and Documentation during the Term with the right to:

(a)          use, copy and reproduce the Software and the Documentation as provided for in the Agreement;

(b)          distribute the Software and Documentation;

(c)          modify, translate or create derivative works of any part of the Software and Documentation; and

(d)          display, or perform in any media and through any technology or other means of delivery, whether now known or developed in the future the Software and Documentation.

for such purposes as the Customer, within their sole discretion, deems fit.

1.2        Copies:  The Customer can reproduce and use such number of copies as are necessary for Customer’s business operations.

1.3        Restrictions:  Unless otherwise stipulated in the Agreement, the Customer must not, and must not permit any third party, to:

(a)          sublicense, lease, rent, loan, disclose or otherwise make available the Software and Documentation;

(b)          access, read, analyse or otherwise use any part of the Source Code;

(c)          use the Software for service bureau or time-sharing purposes and allow third parties to exploit the Software, including without limitation as software-as-a-service;

(d)          reverse assemble, decompile, disassemble or otherwise attempt to derive Source Code or the algorithmic nature of the Software;

(e)          otherwise produce its own version of the Software (without copying the Source Code thereof); and

(f)           remove or circumvent any protection of the Software.

1.4        Delivery:  The Provider must provide the Software and Documentation to the Customer, through a system of electronic download on the Effective Date.

1.5        No other rights or licences:  Other than the licence and rights under this Agreement, no rights or licences are granted or implied, under any intellectual property rights of the Provider or any intellectual property in the Software or the Documentation.

1.6        Users:  The Customer is responsible and liable for the acts and omissions of Users related to this Agreement and to the products and services provided pursuant to this Agreement, as if they were Customer’s own acts and omissions.

 

Are there other clauses that must be considered with the Software Licence clause?

When granting a Software licence, there will usually be warranties with regards to the Software.

For example, the Software will perform in accordance with the Documentation, the Licensor is the owner of the Software, the Software will not contain any viruses etc. For info on building your warranty clause, have a look here.

Another aspect that comes into play with Software will be indemnities against third-party intellectual property infringement claims. For more info on building your indemnity clause, have a look here.

Categories

Table of Contents

The Author

Martin Kotze is a commercial lawyer with over 10 years of experience. He specialises in transactional work within the Tech, Financial Services and Property industries. 

He is also one of the co-founders at DocNinja and regularly advises listed companies to small and medium enterprises on how to contract better with their customers. 

Martin Kotze
Linkedin Envelope
Talk to Martin

This is a free 30min consultation to better understand your business and your needs.

Building a force majeure clause

How to build a force majeure clause

In this article, we have a look at some of the important aspects that must be kept in mind when drafting a force majeure clause.

Start building

Most disputed terms WCC ranking: 

10

Most important terms WCC ranking: 

22

Most negotiated terms WCC ranking: 

29

What is the purpose of a force majeure clause?

A force majeure clause is used to determine what happens when an event or circumstance arises that is beyond the reasonable control of a party and this event or circumstance impacts on the ability of a party to perform under the agreement. 

Building blocks of a Force Majeure Clause

building a force majeure clause

Qualifiers

Sometimes force majeure events are qualified by the foreseeability thereof. In other words, if the event or circumstance was foreseeable on the date the agreement was concluded, this event or circumstance will not be regarded as a force majeure event.

On the face of it, it appears fine.  However, there are industries where the probability of disruptions is high and the costs to overcome this disruption will be disproportionate to the commercials of the transaction. In these situations, excluding the foreseeability qualifier may be required.

Other qualifiers that are important relates to whether or not the default or delay was caused by the party claiming force majeure and whether the party claiming the force majeure could have prevented the default or delay by taking reasonable precautions.

Laundry list items

Following the definition of what constitutes force majeure in your agreement, you may want to consider including a laundry list of items that will be regarded as force majeure events. These events are usually specific to the transaction and the industry and may not typically be classified as force majeure.

The purpose of this laundry list is to provide clarity. Here are a couple of examples of the laundry list items:

  • acts of God, natural disasters, earthquakes, fire, explosions, floods, hurricanes, storms or other severe or extraordinary weather conditions, natural disasters
  • sabotage, contamination, nuclear incidents, epidemics
  • war (civil or other and whether declared or not), military or other hostilities, terrorist acts or similar, riot, rebellion, insurrection, revolution, civil disturbance, or usurped authority
  • strikes or other industrial disputes that affect an essential portion of the supplies or works, except with respect to workers under the control of the party asking for relief due to this event
  • non-availability or loss of export permit or license for the products or services to be delivered, or of visas or permits for the party’s personnel
  • requisition or compulsory acquisition by any governmental or competent authority, embargo, or other sanctions
  • currency restrictions, shortage of transport means, general shortage of materials, restrictions on the use of or unavailability or shortage of power or other utilities.

 

When acting for the party that will likely have to claim force majeure, make sure that when adding to the laundry list, stipulate the effects of the event, not simply the specific events. Focusing on the effects of an event may assist in broadening the definition of a force majeure event.

Notification requirements & obligations

Generally, you want a party claiming force majeure to notify the other party as soon as reasonably possible and provide all relevant information describing the circumstances and the performance affected at a reasonable level of detail.

If you are the party that will most likely have to resist force majeure claims, you may want to consider imposing express obligations on the party that will likely be claiming force majeure. For example, you can include an express obligation on the party claiming force majeure to use reasonable endeavors to overcome the force majeure and to continue performing under the agreement as far as reasonably possible.

The notification requirements and obligations will not disqualify a claim under force majeure but if these express obligations are not met, the party resisting the force majeure claim may consider instituting a claim for breach of contract.

Termination rights

It may happen that the force majeure event continues for an unsustainable period. Your force majeure clause needs to stipulate the parties’ obligations to meet and discuss and also what happens if a resolution cannot be obtained.

Generally, if the parties cannot agree on the next steps, a right is included (usually for both parties) to terminate the agreement.

Example clauses

Customer friendly

1.           FORCE MAJEURE

1.1         Qualifying events or acts:  Neither Party is liable for failure or delay to perform their obligations under the Agreement to the extent caused by events or acts beyond their control which could not have been reasonably foreseeable when the Agreement was concluded and includes events or acts of:

(a)         acts of God, natural disasters, earthquakes, fire, explosions, floods, hurricanes, storms or other severe or extraordinary weather conditions, natural disasters, and

(b)         war (civil or other and whether declared or not), military or other hostilities, terrorist acts or similar, riot, rebellion, insurrection, revolution, civil disturbance, or usurped authority.

1.2         Exclusions:  The relief in Section 1.1 will not apply to the extent that:

(a)         the default or the delay was caused by the non-performing Party; or

(b)         such default or delay could have been prevented by precautions and could have been circumvented by the non-performing Party using alternate sources, workaround plans, or other means.

1.3         Obligations:  If an event or act as contemplated in Section 1.1 occurs:

(a)         the non-performing Party must as soon as practical notify the other Party provide all relevant information, describing at a reasonable level of detail the circumstances and the performance that is affected;

(b)         the non-performing Party must use reasonable endeavours to overcome the event; and

(c)         the non-performing Party must continue to perform their obligations as far as practicable.

1.4         Process:  Should either Party be prevented from carrying on their contractual obligations due to an event above lasting continuously for 30 days, the Parties will consult each other on the future implementation of the Agreement.

1.5         Termination:  If the Parties don’t mutually arrive at an acceptable arrangement within 30 days after that, the Customer can terminate the Agreement immediately on written notice.

 

Provider friendly