Commercial & Technology Contracts, Outsourcing & Data

Contract Formation

What makes an oral or written contract legally binding?

A contract is a legally enforceable agreement which gives certain rights and responsibilities to those that agree to their terms. Contract formation is a practical question and is often determined by analysing the prior negotiations (such as email chains) between the parties.  A brief summary of the essential elements to be established for contract formation in English law is as follows:

1. Offer – a specific promise forming the basis of the agreement without further negotiation;
2. Acceptance – must be final and communicated to the other party;
3. Consideration – a form of payment regardless of type or amount;
4. Intention to create legal relations – usually presumed in commercial arrangements and proven through signature by both parties for written agreements; and
5. Certainty of terms – the agreement is not vague or lacking in essential terms.

Can I sign a written contract electronically?

Yes. English law allows for e-signatures of all complexities to be used as the basis for entry into a contract with equal treatment to execution by wet-ink signature, so long as the signatory intends for the e-signature to authenticate the document.

Types of e-signature include typewritten, scanned and digital representations of characteristics such as fingerprints.  Please see our e-signatures blog or contact the team for further details.

My terms of business are online only, how do I ensure customers agree to them?

The essential elements of contract formation also apply to terms of business displayed on your website or app.

Importantly, your customers must be given the opportunity to accept or decline the terms, for example by completing a tick box and clicking a button. Additional requirements as to the type and amount of information to be included in the terms of business will vary depending on whether you are engaging consumers or businesses.

For further advice on the type and amount of information that should be included, contact the team.

Agency and Distribution

What is the difference between an agent and a distributor?

The terms ‘agent’ and ‘distributor’ are often used interchangeably as supply chain intermediaries but they differ substantially as regards their legal interpretation. An agent is a person who acts on behalf of another party (the principal).

Some agents have the power to negotiate and conclude contracts with customers on the principal’s behalf whereas others have the ability to make introductions only. Agents are generally not parties to the contract between the principal and the customer. In such cases, a customer who buys from the agent is in fact entering into a contract with the principal. Clearly identifying the scope of the agent’s power will help avoid uncertainty as to whether the principal has incurred liability to a customer.

A distributor purchases goods from the manufacturer or supplier and resells them to its customers with a margin to cover its costs and make profit. In this way the distributor contracts with both the supplier and the customer. An agency agreement may be preferable where the agency commission fees are lower than the margin costs of a distributor or where the principal wishes to retain control of the price of the goods, the target customer base and how the goods are marketed.

By contrast, a distribution agreement may be more appropriate if the supplier intends for title and risk in the goods to pass to the distributor. Distribution arrangements are more straightforward to terminate because they are not subject to the commercial agency regulations which grant a right to a lump sum payment to certain agents on termination of their agency agreement, regardless of breach of contract by the agent. Taxation is also less problematic for distributors as there is no risk of double taxation which can arise when a principal is deemed to trade in a particular country because it has an agent there.

Data Protection

What is personal data?

Personal data is any information about a particular living individual (known as the “data subject”) such as employees, customers, business contacts and members of the public. This information could directly identify a person by name or enable them to be identified through a combination of information such as by identification number and address.

What is the UK GDPR and what does it do?

The UK GDPR is shorthand for the retained EU law version of the General Data Protection Regulation as it forms part of the law of England and Wales by virtue of section 3 of the European Union Withdrawal Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations. More specifically, it is defined in section 3(10) of the Data Protection Act 2018 (“DPA 2018”), supplemented by section 205(4). As such, organisations need to bear in mind that there are two legal texts to consider, where relevant: the UK GDPR as well as the DPA 2018.

The purpose of the UK GDPR is to create a framework for the fair and proper use of information about people by organisations which, in turn, fosters the build-up of trust between individuals and organisations. The UK GDPR introduces minimum standards of care to ensure that organisations adopt a risk based approach when collecting, using, storing or otherwise processing an individual’s personal data. This includes key principles to inform decision making as well as certain lawful bases which require the processing to be necessary for a particular purpose and communicated in a privacy notice.

Do I need to incorporate specific provisions into the terms of my contracts with suppliers and customers due to the UK GDPR?

Under the UK GDPR, a data controller may only engage a data processor via a legally binding contract containing certain mandatory terms. Details of the mandatory terms to be adopted can be found in our blog. You should consider whether your contracts with suppliers (who process personal data as processors) contain the mandatory terms and, if not, vary them accordingly.

You should also consider whether your business, in the course of providing its services, does so as a data processor. If so, you will need to ensure that your terms of business with all of your customers incorporate the mandatory terms set out in the UK GDPR.

Can I transfer personal data overseas?

The UK GDPR restricts transfers of personal data to countries located outside the United Kingdom (“third countries”) as well as to international organisations (these transfers each are known as “restricted transfers”). This is because data subjects risk losing the protection granted by the UK GDPR in these situations. As such, restricted transfers cannot be made without:

1. the data subject’s specific and informed consent; or
2. an adequacy decision from the Information Commissioner’s Office (“ICO”). Briefly, an adequacy decision means that the level of protection provided by a country’s data privacy regime is considered to be essentially equivalent to the standards of care set out in the UK GDPR; or
3. an appropriate safeguard being implemented within the relevant organisation receiving the data as listed in UK GDPR; or
4. one of a selection of derogations for specific situations.

Typically, organisation rely on the implementation of appropriate safeguards in order to lawfully make restricted transfers and the most commonly used safeguards are:

1. the international data transfer agreement (“IDTA”) and the international data transfer addendum (“Addendum”) to the European Commission’s standard model contract clauses for international data transfers implemented by the ICO; and
2. binding corporate rules (“BCRs”) for group companies located in different jurisdictions.

The IDTA and Addendum are entered into between the data exporter (located inside the UK) and the data importer (located outside the UK) which contain non-negotiable contractual obligations and directly enforceable rights for the individuals concerned.  Binding corporate rules are effectively an internal code of conduct between the relevant group companies approved by the ICO.

Before you rely on one of the above appropriate safeguards as a transfer mechanism to make a restricted transfer, you must first carry out a transfer risk assessment (“TRA”). The TRA will help you consider whether, in the circumstances of the transfer and with your chosen safeguard in place, the relevant protections for data subjects under the UK data protection regime will not be undermined.

Once the TRA is completed and it’s determined that the transfer mechanism does provide appropriate safeguards, and effective and enforceable rights for individuals, then the restricted transfers of data can go ahead provided that the rest of UK GDPR is complied with.

What does the UK GDPR mean for my business?

The UK GDPR introduces different responsibilities for data controllers, joint controllers and processors. The role that your business plays in a commercial arrangement will depend on the particular circumstances.

Generally, the controller will be the decision maker determining how, why and which personal data is collected. Joint controllers will have data collection objectives and procedures in common with another controller. The processor follows instructions and usually receives the data from a third party, such as a client.    

The ICO can bring enforcement action against both controllers and processors for non-compliance with the UK GDPR. Likewise, individuals can make a claim for compensation and damages against both controllers and processors for breaches of the rights under data protection law. It is therefore crucial that you carefully review and document the flow of personal data between your organisation and others so that your status is clear (regardless of the terminology used in a contract).

What happens if my business does not comply with the UK GDPR?

Your data protection obligations should be taken seriously as a failure to comply may lead to the UK’s privacy regulator, the Information Commissioner’s Office, imposing fines of up to the higher of £17.5m and 4% of your businesses’ global turnover in the preceding financial year (and that’s without taking into account the additional reputational damage).

Contract protections

Indemnification: I have been asked to indemnify the other party in a contract. What does this mean and what do I need to consider?

An indemnity is a promise to reimburse the contract counterparty (and any other specified persons) for losses suffered as a consequence of a specific event taking place. For example, in a licence of intellectual property rights, the licensee may wish to be indemnified by the licensor for any losses suffered as a result of a third party claiming that the use of such rights infringes rights which they hold.

Unlike a regular claim for breach of contract, there is no need to show fault and if the specified trigger event occurs, the indemnifying party automatically becomes liable.  

Giving an indemnity should not be taken lightly. You should consider whether other contractual protections may be more suitable in the circumstances. Further, the scope of an indemnity and the extent of losses that it covers as well as limitations of liability should be carefully worded.

Warranties: What are warranties and what do they usually cover in services agreements?

A warranty is an assurance or a statement of fact in a contract by one party to the other. If the warranty is breached, it constitutes a breach of contract which may give rise to a claim for damages.  

Unlike a condition, a breach of warranty does not provide the injured party with a right to terminate the contract.

Agreements for the provision of services typically include warranties from the supplier that:

• the services will be provided in accordance with a specific services specification;
• any deliverables will be sufficiently fit for purpose;
• the services will be provided with an appropriate level of skill, care and diligence;
• the services will be performed in accordance with all applicable laws and regulations;
• it has, and will maintain, all applicable licences and consents necessary to carry out the services; and
• use of the services will not infringe any intellectual property, or other rights, of any third party.

Suppliers should, of course, pay careful attention to the wording of the warranties in their contracts to ensure that they can provide them and they do not expose the business to unnecessary risk.

If a warranty in respect of a material area of risk is breached, an indemnity is typically requiring for any losses suffered arising from that breach.

Confidentiality: What are NDAs used for and what should they typically include?

Non-Disclosure Agreements (“NDAs”) are generally short form commercial contracts that are put in place to protect the confidentiality of information that is disclosed between the parties for a particular business purpose.

Confidential information can be broadly defined to protect both commercial information and personal data.  Examples of information that is typically protected by a NDA include:

• Financial information;
• Business plans;
• Customer lists;
• Methodology;
• Improvements to processes; and
• Computer programs.

NDAs are designed to prevent the recipient from taking unfair advantage of information received in confidence.  This is achieved in part by restricting the use of the confidential information to a defined purpose. 

For example, if you are an investor or start-up business entering into discussions to explore a potential investment, then use of the confidential information should be carefully defined to reference the prospective transaction. Other key considerations will depend on your particular business requirements but common issues include whether the obligations are unilateral or mutual (i.e. is there a one way flow of information or is it coming from both sides?), the duration of the obligations and remedies for breach of confidentiality.

Penalties: What is a penalty clause and are they legal in the UK?

Penalty clauses have the objective of punishing the defaulting party by requiring payment of an excessive amount which is triggered a specified breach of contract.  Penalty clauses will not be enforced by courts in England and Wales beyond the sum of the actual loss suffered. 

Typical examples of penalty clauses include high levels of late payment interest or a disproportionately large sum becoming payable on the occurrence of a breach e.g. if the deliverables for services have not been provided by a particular date. It can be difficult to accurately anticipate the losses likely to be suffered as a result of breach and it is best to take advice as to whether a provision is likely to be valid from the outset.

IP Licensing and Ownership

I have a great idea for a new business. Is there any intellectual property in my idea? How can I protect it?

An idea alone does not give rise to IP rights. However, once your idea has been expressed in some manner, there are five main IP rights that may be relevant and which may allow protection of your business output.

1. Copyright protects the expression of ideas, for example the words in a book or the source code of a computer programme.
2. Trademarks protect product names and logos.
3. Patents protect novel inventions and products.
4. Registered design rights protect the appearance of a product, for example, the shape, packaging, pattern and colour.
5. Unregistered design rights protect the shape and configuration of an object.

You may also use the law of confidential information to protect your ideas which are not otherwise protected by IP rights. For example, by asking any relevant party to sign a non-disclosure agreement (“NDA”). Although better than nothing, this approach can be risky particularly since the NDA is likely to be superseded if the parties subsequently enter into a supply agreement. Often by the time a disclosure has been made to a third party, the damage may already have been done.

When starting a new business, it is important to develop an IP strategy from the outset. Whilst it may not seem urgent at the time, a failure to do so can be costly in the long run. should you have any concerns around your IP strategy, or need advice, contact our intellectual property solicitors.

What should I know about licensing the intellectual property rights in my business output?

Intellectual property rights (“IP rights”) are intangible property rights which are the result of your intellectual endeavours for example, proprietary methodology. 

In a licensing arrangement, the licensor (IP rights owner) retains ownership of the IP rights and grants the receiving party (the licensee) permission to use them in exchange for a fee (usually as royalties whereby a percentage of the licensee’s sales revenues are payable to the licensor periodically). 

Licensing can benefit licensors by boosting revenues and market penetration whilst allowing licensees to enjoy greater access to expertise and lower research and development costs.

In deciding whether to grant or take a licence you should consider how it will help meet your business needs and commercial goals.  Risks of licensing typically include prohibitively high rates of royalties being charged and reputational harm which can occur where a licensee uses your trade mark but produces inferior quality products.  

There are numerous types of licences and variable conditions which can impact the effectiveness of this commercialisation vehicle. For example, exclusivity, whether the rights can be transferred or sub-licensed, the duration of the licence, territorial and use restrictions, performance obligations (such as minimum sales) and payment terms. 

If you are considering granting or taking a licence of IP rights and would like further support then please contact our IP law experts.

What should I know about assigning the intellectual property rights in my business output?

An assignment of intellectual property rights (‘IP Rights’) differs from a licence in the sense that ownership of the IP Rights is transferred from the assignor to the assignee, usually in exchange for a fee. Documenting such an assignment therefore sounds straightforward but assignors should be aware that assignees may seek certain contractual protections in respect of the assignment, including:

1. Warranties from the assignor that they are the sole owner of the assigned rights, that such rights are free from third party interests and that they do not infringe the rights of any third party. Typically, the assignee will require an indemnity from the assignor in respect of the breach of any such warranties and so assignors should consider limiting the extent of that indemnity accordingly e.g. by capping it.
2. The inclusion of a ‘further assurance’ provision which states that the assignor will provide the assignee with all such reasonable assistance as may be required to effect the assignment of the assigned rights. This may include executing further documents, such as those required to update the ownership register in respect of registered IP Rights e.g. trade marks. Some assignees may insist on an assignor granting them a power of attorney to sign such documentation on their behalf.
3. A waiver by the assignor of its moral rights in any copyright to be assigned. Moral rights are the rights of a creator of copyright (e.g. the software developer who originally wrote the source code for a software program) to be credited as the author of the copyrighted work.