General Terms and Conditions of Mitigo's Consultancy Work

1.0 Definitions

1.1. “Client” shall be the party to which or to whom Mitigo has agreed to provide Services.  

1.2. “Client’s IT Systems” means any digital infrastructure including without limitation any hardware or software owned or operated by the Client or its employees or contractors and whether hosted by the Client or any 3rd parties.

1.3. “Data Processor Addendum” means the form attached below which sets out the Parties’ obligations   under the Data Protection Laws where MITIGO undertakes processing on behalf of the Client;

1.4. “Data Protection Laws” means in relation to any Personal Data which is Processed in the performance of this Agreement i) the UK GDPR as defined in section 3(10) of the Data Protection Act 2018 (“UK GDPR”); ii) the Data Protection Act 2018; iii) any other applicable data protection or privacy laws. Defined terms in this clause 1.6 have the same meaning as set out in the Data Processor Addendum;

1.5. “Documentation” means any documentation, which is made available to the Client by MITIGO (whether online or in hard-copy);

1.6.  “Intellectual Property Rights” means any and all rights in patents, rights to inventions, copyright and related rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;

1.7. “MITIGO” means MITIGO LIMITED, incorporated under the laws of England and Wales with registered number 15672839 and with registered office located at Suite 1, 2nd Floor, Southgate 2, 319

Wilmslow Road, Cheadle, Cheshire, SK8 3PW; 

1.8. “Services” means the services which Mitigo has agreed to provide to the Client.

1.9. “Subcontractors” means the subcontractors, from time to time of MITIGO;

1.10. “United Kingdom” means the United Kingdom of Great Britain and Northern Ireland;

1.11. “United States” means the United States of America;

MITIGO and the Client are individually referred to as a Party and collectively referred to as the “Parties”. 

Unless the context otherwise requires: 

  • words in the singular shall include the plural and, in the plural, shall include the singular; and
  • a reference to one gender shall include a reference to the other gender.

2.0 Client’s obligations 

2.1 The Client shall at all times:

  • co-operate with MITIGO on all matters relating to the Services;
  • provide, in a timely manner, such information as MITIGO may reasonably request in order to provide the Services and ensure that all information that the Client provides is accurate in all material respects;
  • allow MITIGO and its Subcontractors access to any of the Client’s premises which may be required in order to perform the Services;
  • allow MITIGO and its Subcontractors remote access to the Client’s IT systems;
  • make available to Mitigo and its Subcontractors such employees and other individuals as they may require; and
  • immediately after becoming aware, notify MITIGO in writing of any matters which may affect MITIGO’s performance of the Services in any way.

2.2 Any technical equipment which MITIGO or its Subcontractors may use or install for the purposes of the Services, shall at all times remain the property of MITIGO, and the client shall allow MITIGO or its Subcontractors access to the Client’s premises to remove any such equipment.

3.0 Intellectual Property Rights 

3.1 The Documentation and all Intellectual Property

Rights in the Documentation belong to and are vested in MITIGO or its third-party providers. Nothing in the provision of Services shall be construed as an assignment of rights in favour of the Client. The Client shall use the Documentation for its own internal business purposes only.

4.0 Payment terms 

4.1 In the event that the Client fails to pay any amount due, MITIGO reserves the right to charge late payment interest on any such overdue payment at the rate of 4 per cent. over the base rate of Barclays Bank Plc applicable from time to time.

4.2 The Client shall have no right of set-off.

5.0 Data Protection

5.2 Prior to and during the provision of the Services, MITIGO may, as Data Controller, collect or receive Personal Data relating to the Client’s Employees, directors, agents, shareholders, suppliers, contractors, associates or others.  

The Client is aware of MITIGO’s privacy policy at: https://mitigogroup.com/privacypolicy/.  

The Client confirms that it is authorised to provide or permit access to this Personal Data and that the Client has provided any required privacy notices to all the relevant data subjects.

6.0 Warranties 

6.1 The Parties warrant that they have the authority and the rights to enter into all agreements in relation to the provision of Services.

6.2 MITIGO does not warrant or guarantee that any part of the Services shall:

  • be of satisfactory quality;
  • be accurate; or
  • fit for any particular purpose.

6.3 All other warranties either express or implied by law or otherwise are hereby excluded.

7.0 Client Remains Responsible

Without prejudice to clause 6, the Client acknowledges and accepts the following:

  1. the Client is and at all times remains fully responsible for the Client’s IT system (including without limitation its confidentiality, integrity, availability and resilience);
  2. any on-site or remote investigations or assessments can only look at the condition of the Client’s IT system at the time they are undertaken. It is not possible to review everything and there will always be parts or areas of the Client’s IT system which are not reviewed.  Further, other security related issues will arise from time to time, including after any on-site or remote investigations or assessments have taken place;
  3. any information provided as part of the Services including any management information, recommendations, technical reports, get well plans, cyber risk ratings, are for guidance only, and are intended to help to improve the Client’s cyber resilience. MITIGO does not guarantee that the Client will be free from attacks, breaches and failures.  No organisation is impregnable and all organisations will experience security incidents.

8.0 Termination

8.1 Without affecting any other right or remedy available to it, MITIGO may terminate the provision of the Services with immediate effect if:

  • the Client fails to pay any amount due on the due date for payment; or
  • the Client commits a breach of any of these terms and conditions.

8.2 Either Party may terminate the provision of Services with immediate effect if the other party is bankrupt or insolvent or becomes unable to pay its debts as they fall due or an event analogous to any of the aforesaid shall occur in any jurisdiction.

9.0 Confidential Information

9.1 Except as provided by clauses 9.3 and 9.4, the Parties shall at all times during the continuance of the provision of Services and after their termination use their best endeavours to keep all restricted information (as defined below) confidential and accordingly must not:

  • disclose any restricted information to any other person; or
  • use any restricted information for any purpose other than the performance of their obligations in relation to the provision of Services.
  • References to ‘restricted information’ are references to any information disclosed to either party (“Receiving Party”) by the other party (“Disclosing Party”) pursuant to or in connection with the provision of Services, whether orally, digitally or in writing and whether or not it is expressly stated to be confidential or marked as such.
  • Any restricted information may be disclosed by the Receiving Party to:
  • any governmental or other authority or regulatory body; or
  • any employees of the Receiving Party or of any of the aforementioned person; but only to the extent necessary for purposes related to the Services or as is required by law, and subject in each case to the Receiving Party using its best endeavours to ensure that the person in question keeps the information confidential and does not use it except for the purposes for which the disclosure is made.

9.4 Any restricted information may be used by the Receiving Party for any purpose, or disclosed by the Receiving Party to any other person, to the extent only that:

  • it is at the time of use or disclosure, public knowledge through no fault of the Receiving Party; or
  • it can be shown by the Receiving Party, to the reasonable satisfaction of the Disclosing Party, to have been known by it before it was disclosed by the Disclosing Party, provided that the Receiving Party must not disclose any restricted information that is not public knowledge.

10.Anti-Bribery 

The Parties shall comply with all applicable laws, statutes, regulations, and codes relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010 in the UK.   

11.Limitation of Liability 

11.1 Nothing in these terms and conditions shall be deemed to limit or exclude either Party’s liability for:   (i) death or personal injury caused by negligence;

  • fraud or fraudulent misrepresentation; and
  • any other liability that cannot by law be limited or excluded.

11.2 Subject to clause 11.1, neither Party shall, in any event be liable whether in contract (by way of indemnity or otherwise), tort (including negligence), misrepresentation, restitution or otherwise under or in connection with the provision of Services for:

  • any special, indirect, or consequential loss or damage;
  • any direct or indirect loss of profit, turnover, business, business opportunity, revenue, contracts, goodwill, reputation, anticipated savings or management time; or (iii) loss or corruption of data. 

11.3 Subject to clause 11.1, MITIGO’s  maximum liability to the Client in respect of any claim (or series of connected claims) under or in connection with the Services whether arising in contract (including by way of indemnity), tort (including negligence), misrepresentation, restitution or otherwise will be limited to a sum equivalent to the total fees paid by the Client in respect of the Services during the 12 (twelve) month period immediately before the date on which the cause of action first arose. 

12.General  

12.1 Publicity. The Client gives its consent to MITIGO to use the Client’s trade marks in order to make public announcements concerning the relationship between the Parties.

12.2 Third Party Rights. The agreement to provide the Services does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of such agreement.

12.3 No assignment. The Client shall not assign, transfer, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any of its rights and obligations under the agreement to provide the Services.

12.4 MITIGO may assign, sub-contract or deal in any way with any of its rights and obligations under in relation to the provision of the Services.

12.5 Complaints. If the Client has a complaint, it should be directed by email to complaints@mitigogroup.com. The complaint will be acknowledged as soon as reasonably practicable. The complaint will be investigated, and a response will normally be provided within 1 week of receipt. Where that is not possible, the Client will be informed of the progress of the investigation. The outcome of the investigation and a decision will be provided to the Client by email.

12.6 Governing Law and Jurisdiction. The terms and conditions of the provision of the Services shall be governed by the laws of England and Wales.  The Parties hereby irrevocably submit to the exclusive jurisdiction of the courts of England and Wales in respect of any claim or matter arising out of or in connection with the provision of Services (including any application by either Party for an injunction or any other emergency relief).