Terms & Conditions
PROFESSIONAL SERVICES AGREEMENT
1 Parties
1.1. The “Customer”
The partner company, commissioner or consumer of the goods and services provided by the
Supplier.
1.2. The “Supplier”: YGHT Ltd. Registered address: 112-114 Witton Street, Northwich,
Cheshire, CW9 5NW
2 Background
2.1 The Customer has agreed to engage the Supplier to provide specific professional
services according to the terms and conditions of this Agreement.
2.2 Typically the Services include, but are not limited to: Information Security
Consultancy; Penetration Testing; Social Engineering Testing; Cyber Security Audits
and Reviews; and Vulnerability Assessments.
3 Definitions
3.1 In this Agreement:
3.1.1 The “Agreement” means this agreement inclusive of any Statement of Work.
3.1.2 The “Customer” means the party listed in this document at 1.1.
3.1.3 The “Supplier” means the party listed in this document at 1.2.
3.1.4 The “Parties” means one or both of The Customer and The Supplier, defined in
3.1.2 and 3.1.3.
3.1.5 The “Disclosing Party” means the member of The Parties providing information to
another member of The Parties.
3.1.6 The “Receiving Party” means the member of The Parties receiving information
from another member of The Parties.
3.1.7 “Change Request” has the meaning set out in Clause 8.
3.1.8 “Commencement Date” means the date for the commencement of the Services,
as set out in the Statement of Work.
3.1.9 “Customer Responsibilities” means the obligations on the Customer as set out in
Clause 7.
3.1.10 “Deliverables” means the listed deliverables to be supplied by the Supplier to the
Customer as part of the Services as set out in Statement of Work, but excluding
Proprietary Materials.
3.1.11 “Fees” means the fees payable by the Customer to the Supplier for the
performance of the Services, as set out in Clause 9.
3.1.12 “Intellectual Property Rights” (IPR) means: copyright; patents; know-how;
confidential information; database rights; rights in trade marks and designs
(whether registered or unregistered); applications for registration of any of the
above; or all other intellectual property rights and equivalent or similar forms of
protection existing anywhere in the world.
3.1.13 “Statement of Work” means the agreed Services, including Milestones where
appropriate.
3.1.14 “Proprietary Materials” means any materials of the Supplier including, without
limitation, all software, methodologies, software development tools, libraries,
ideas, methods, processes, reports, concepts and techniques and other materials
owned by or licensed to the Supplier and used in the provision of the Services.
3.1.15 “Confidential Material” means information given between The Parties which is not
in the public domain. This excludes information that enters the public domain
other than by breach of Clause 12, or is received from a third party which is not
under any confidentiality obligation of which the Recipient is aware or ought to be
reasonably aware, or is independently developed by one party without use of the
other party’s Confidential Information.
3.1.16 “Services” means the professional services to be provided by the Supplier under
this Agreement as specified in the Statement of Work, including the creation,
development and delivery of the Deliverables.
3.1.17 “Personal Data” is information defined by Regulation 2016/679 of the European
Parliament, better known as the General Data Protection Regulation (GDPR) and
the Data Protection Act 2018. This excludes information that is in, or enters the
public domain other than by breach of Clause 12.
3.1.18 “Scope” is the geographical areas, targets, systems, people, physical and digital
(or logical) addresses, to which the services apply and against which the acts to
provide the services are considered as permitted.
4 Services
4.1 The Supplier shall, from the Commencement Date, provide the Services and any
associated Deliverables to the Customer in accordance with this Agreement.
4.2 The Supplier shall use all reasonable endeavours to meet any Milestones set out in
Statement of Work. The Supplier shall not be responsible for any failure or delay
caused by events beyond the Supplier’s reasonable control, including without
limitation, any failure by the Customer to perform the Customer Responsibilities or
where any of the circumstances in Clause 14 occur.
4.3 Both parties shall use all reasonable endeavours to meet their respective obligations
as set out in the Statement of Work.
4.4 The Customer acknowledges that the Supplier is not guaranteeing that the target
system will be a completely secure system. Security is not considered to be absolute,
and no test, product or service can assess for, or offer cover for, all possible security
vulnerabilities, breaches or security incidents.
4.5 The Customer acknowledges that computer systems are subject to continual
development of new risks, weaknesses and vulnerabilities. The Services are
completed at a point-in-time and do not offer any assurance, warranty or guarantee of
the future status of the target system’s security.
4.6 The Customer acknowledges that the Services are designed to contribute towards the
target system’s overall information security strategy and does not replace, re-assign
or reduce any of the Customer’s responsibilities for maintaining secure systems.
4.7 With respect to Clause 4, the customer agrees to indemnify the Supplier and hold the
Supplier harmless for any information security failure of the Customer’s systems.
5 Term
5.1 This Agreement shall commence on the date of this Agreement and shall continue until
the final Milestone.
5.2 The Services shall commence on the Commencement Date and subject to Clause 13
(Termination) shall continue until the final Milestone.
6 The Supplier’s Commitments
6.1 The Supplier warrants to the Customer that the Supplier will perform the Services in a
professional manner and with all reasonable skill and care and in accordance with
recognised industry practice for such Services.
6.2 The Supplier warrants that the personnel used by the Supplier in the performance of
those Services will be appropriately skilled, trained and qualified.
6.3 The Supplier shall have the right to determine which of its personnel or contractors
shall be assigned to perform the Services, and to replace or reassign such personnel
during the term of this Agreement. Any re-assignment of personnel shall be done
wherever reasonably possible after notification to the Customer.
6.4 The Supplier will maintain the relevant insurance, including but not limited to:
Professional Indemnity (250 thousand GBP); Employers Liability (at a minimum of 5
million GBP); and Public Liability (at a minimum of 5 million GBP),
6.5 All other warranties whether statutory or implied are hereby expressly excluded to the
fullest extent permitted by law, including fitness for purpose and satisfactory quality.
7 The Customer’s Responsibilities
7.1 The Customer shall provide the Supplier with reasonable and safe access to its
premises and facilities as necessary for the Services to be performed.
7.2 The Customer shall make available to the Supplier the normal office facilities as
necessary for the proper performance of its obligations under this Agreement
(including, but not limited to: workspace; display equipment; network connectivity;
Internet connectivity; telephone services; and printing facilities).
7.3 The Customer shall at all times provide reasonable co-operation with the Supplier in
relation to the performance of the Services.
7.4 The Customer shall provide the Supplier with all necessary equipment, hardware and
software, including but not limited to: third party software; databases; operating
systems; and technical documentation (including any applicable license to use them),
in order for the Supplier to perform the Services, should these items be related to the
specialist activities of the Customer or otherwise bespoke to the Customer.
7.5 The Customer shall pay the Supplier the Fees as set out in Clause 9.
7.6 The Customer shall maintain an appropriate level of security and safety for all
Deliverables once received. Storage, transmission and communication of the
Deliverables shall be at the sole risk and responsibility of the Customer from the time
of its delivery to the Customer from the Supplier.
7.7 The Customer shall fairly and accurately present the results of the Services to
appropriate third-parties where such a presentation is required. Such third-parties
include auditors, accreditors, certification-bodies, and customers.
7.8 The Customer shall seek written permission from the Suppllier before reproducing the
Deliverables in any publicly accessible format.
7.9 The Customer shall gain the proper authorisations from any third-party services,
vendors, or upstream providers for performing security testing.
7.10 The Customer shall perform any other Customer Responsibilities or obligations
specified in the Statement of Work.
7.11 The Customer shall return any equipment provided, including the Smuggle Box,
unless prior arrangements have been made with The Supplier for the purchase of such
equipment. Any equipment not returned will incur a charge covering the replacement
of the equipment.
8 Changes to Statements of Work
8.1 Either party may request a change to the Services by submitting a written request to
the other party (the “Change Request”).
8.2 If a written request is submitted to the Supplier by the Customer, the Supplier shall
respond within a reasonable time of receiving the Change Request, setting out
whether the Change Request may be implemented and the effect the Change Request
will have on the Supplier’s activities, milestones and fees under this Agreement,
including any variation of the Fees.
8.3 If a Change Request is accepted, the parties shall amend the Statement of Work to
reflect the Change Request including any variation to the Fees.
8.4 The Supplier shall not be liable for delays in the provision of the Services caused by a
Change Request, and neither party shall have any obligation to commence work in
connection with any Change Request until that Change Request is agreed.
9 Fees and Payment
9.1 The Customer shall pay the Supplier the Fees in the manner set out in the Statement
of Work.
9.2 All amounts payable under this Agreement shall be exclusive of value added tax or
other tax or duty (whether UK or foreign) payable by the Supplier in respect of this
Agreement, which shall be paid in addition, at the rate and in the manner for the time
being prescribed by law as indicated on supplied invoices.
9.3 The Supplier reserves the right to review and amend rates of pay at the turn of the tax
year. Any increase in fees will not exceed the Consumer Price Index + 1%.
9.4 Unless otherwise specified in the Statement of Work, the Customer shall pay for all
expenses properly and reasonably incurred by the Supplier in the performance of the
Services.
9.5 Expenses may include, but are not limited to:
9.5.1 The purchasing of equipment, software, software licenses, or domain names;
9.5.2 The hire of equipment or processing time;
9.5.3 Accommodation. Accommodation will be used where travel time exceeds 60
minutes from the Suppliers home address. UK accommodation will be the
cheapest three-star or above hotel located within 1 (one) mile of the Customer.
Should there be no such option available, the nearest hotel of four-star and above
will be used. International accommodation will be the highest local rating and
chosen at the sole discretion of the Supplier;
9.5.4 Subsistence. Subsistence expenses will be covered whilst working away from
the Suppliers work address. For the duration of the Services set out in Statement
of Work, the average daily cost of subsistence will not exceed the average price of
the chosen accommodations restaurant menu for three meals per day where
accommodation is used. Where no accommodation is used, local good-quality food
sources will be used for midday / lunch meal; and
9.5.5 Travel. Travel arrangements will be: business class flights (for flights over two
hours duration); first class rail rates (for rail journeys over one hour duration); car
hire; or the current maximum authorised mileage rates set down by HM Revenue &
Customs for car travel.
9.5.6 Postage or carriage of equipment. Carriage of equipment will be completed
using an appropriately insured provider that provides tracking facilities and timely
delivery.
9.6 Unless otherwise specified in the Statement of Work, the Supplier shall invoice the
Customer monthly in arrears.
9.7 The Customer shall pay the amounts invoiced by the Supplier within 30 days from
receipt of the relevant invoice.
9.8 If the Customer fails to pay any or all of its invoice pursuant to the terms of Clause 9,
the Supplier may charge the Customer interest, accruing daily from the due date, on
any overdue amounts under this Agreement. In accordance with the Late Payment of
Commercial Debts (Interest) Act 1998, interest will be charged at the rate of 8% per
annum above the base rate of the Bank of England in force at the due date.
9.9 If the Customer wishes to change or cancel the Commencement Date then it must
notify the Supplier in writing. Cancellation or changing the date for the services within
30 days of the due Commencement Date will incur a charge. The amount of the
charge incurred under this clause will depend on the date on which the Supplier
received notification of the change or cancellation from the Customer:
9.9.1 If notification is received less than 30 days (but more than 14 days) before the
Commencement Date the charge to the Customer will be 20% of the total charges
for the services to be delivered.
9.9.2 If the notification is received 14 days or less (but more than 7 days) before the
Commencement Date the charge will be 40% of the total charges for the Services
to be delivered; and
9.9.3 If the notification is received 7 days or fewer prior to the Commencement Date,
the charge will be 80% of the total charges for the services to be delivered.
9.9.4 If no proper notification is received by the Supplier of a change of date or a
cancellation prior to the Commencement Date then the charges for the services
due to be delivered, shall be payable by the Customer in full.
9.9.5 If the Supplier is able to deliver services to alternative clients on the
Commencement Date which is subject to the change or cancellation charges set
out in clause 9.9 above, then the Supplier shall reduce the amount of the charges
to the Customer under clause 9.9 pro-rata by the relevant percentage of the
amount it receives from the alternative client for the same time period.
9.9.6 Changes to the Commencement Date will be agreed and rescheduled where
possible around other pre-existing commitments.
10 Proprietary Rights
10.1 The Customer acknowledges that any Proprietary Materials used by the Supplier
in the provision of the Services are and shall remain the property of the Supplier and
that the Customer shall not acquire any Intellectual Property Rights in the Proprietary
Materials under this Agreement.
10.2 The Supplier acknowledges that in the course of providing the Services, the
Supplier may use products, materials and methodologies proprietary to the Customer
or to third parties. The Supplier agrees that it shall not acquire any rights in those
proprietary products, materials and methodologies whether under this Agreement or
otherwise.
11 Intellectual Property
11.1 Upon receipt of payment of the Fees in full, the Supplier grants to the Customer
a perpetual, non-transferable and non-exclusive licence to use, reproduce and modify
any Deliverable specifically developed for the Customer by the Supplier in performing
the Services. The Customer’s right to use those Deliverables is restricted to use for its
own internal purposes and is subject to the confidentiality provisions in Clause 12
below. All other Intellectual Property Rights in the Deliverables remain in and/or are
assigned to the Supplier. The parties agree to co-operate with each other and execute
such other documents as may be necessary to achieve these objectives.
11.2 Subject to Clause 12 below, nothing in this Agreement shall preclude the
Supplier from developing for itself, or for third parties, materials which are competitive
with the Deliverables or the Services, irrespective of their similarity to materials or
services which may be delivered to the Customer under this Agreement. The parties
agree that subject to Clause 12 below, the Supplier shall be free to use its general
knowledge, skills and experience and any ideas, concepts, know-how, methodologies
and techniques related to the Scope of the Services.
11.3 The Customer warrants that any Proprietary Materials and its use by the Supplier
for the purpose of providing the Services will not infringe the copyright or other
intellectual property rights of any third party, and the Customer shall indemnify the
Supplier against any loss, damages, costs, expenses or other claims arising from any
such infringement.
12 Confidential Information
12.1 All information relating to the business operations of The Disclosing Party given
in respect of this Agreement to The Receiving Party or otherwise obtained by The
Receiving Party shall be treated by The Receiving Party as Confidential Material.
12.2 Confidential Information shall not be used other than for the benefit of the
Disclosing Party nor disclosed to third parties without the prior written consent of the
Disclosing Party.
12.3 The Confidential Information of the Disclosing Party may be disclosed by the
Recipient to the extent required by law or any regulatory authority. Unless prohibited
by law, the Recipient will give the Disclosing Party prompt written notice of the
requirement to disclose.
13 Termination
13.1 Each party shall have the right, without prejudice to its other rights or remedies,
to terminate this Agreement immediately by written notice to the other party if the
other party is:
13.1.1 in material or persistent breach of any of its obligations under this Agreement
and either that breach is incapable of remedy or the other party shall have failed to
remedy that breach within 30 days after receiving written notice requiring it to
remedy that breach; or
13.1.2 unable to pay its debts (within the meaning of section 123 of the Insolvency Act
1986) or becomes insolvent or an order is made or a resolution passed for the
liquidation, administration, winding-up or the dissolution of the other party (other
than for the purposes of a solvent amalgamation or reconstruction) or an
administrative or other receiver, manager, liquidator, administrator, trustee or
similar officer is appointed over all or any substantial part of the assets of the other
party or the other party enters into or proposes a composition or arrangement with
its creditors generally or anything similar to the foregoing occurs.
13.2 Any termination of this Agreement shall not affect any accrued rights or liabilities
of either party.
14 Force Majeure
14.1 Neither party shall be liable to the other for any delay or non-performance of its
obligations under this Agreement arising from any cause or causes beyond its
reasonable control including, without limitation, any of the following: act of God,
governmental act, acts of terrorism, war, fire, flood, explosion, civil commotion or
industrial dispute of a third party. Subject to the party so delaying promptly notifying
the other party in writing of the reason for the delay and the likely duration of the
delay, the performance of the delaying party’s obligations, to the extent affected by
the delay, shall be suspended during the period that the cause persists provided that if
performance is not resumed within 30 days after that notice the non-delaying party
may by notice in writing terminate this Agreement.
15 Warranty and Liability
15.1 Each party warrants that it will perform its obligations under this Agreement in a
professional manner and with all reasonable skill and care and in accordance with
recognised industry practice.
15.2 Subject to Clause 15.1, all other warranties whether statutory or implied are
hereby expressly excluded to the fullest extent permitted by law, including fitness for
purpose and satisfactory quality.
15.3 The Supplier’s entire liability arising out of or in connection with this Agreement,
including the Services, whether in contract, tort or otherwise, will not exceed in
aggregate over the term of this Agreement, an amount equal to the sums paid by the
Customer for those Services specified in the Statement of Work in the period up to 6
months immediately preceding the event giving rise to the liability (less all sums
already paid by the Supplier for any previous claims arising in respect of those
Services during that period).
15.4 Nothing in this Agreement shall exclude or restrict either party’s liability for
death or personal injury resulting from its negligence or that of its employees while
acting in the course of their employment.
15.5 Notwithstanding anything else in this Agreement, the Supplier shall not be liable
to the Customer under, or in connection with, this Agreement in contract, tort or
otherwise for loss of profits, business or anticipated savings, loss or damage to data,
or for any indirect, direct or consequential loss, economic loss or damage whatsoever,
whether sustained by the Customer or any other person.
15.6 The parties expressly agree that if any limitation or provision referred to in this
Agreement is held to be invalid under any applicable statute or rule of law it shall to
the extent be deemed omitted, but if any party becomes liable for loss or damage
which would otherwise have been excluded that liability shall be subject to the other
limitations and provisions set out in this Agreement.
15.7 The Supplier shall not be liable for any loss or damage to the Customer’s
computer equipment and systems which is caused by any existing weakness (or
defect) in the Customer’s equipment and systems that is discovered or initiated by the
supply of any services from the Supplier.
16 Non-solicitation
16.1 For a period of 12 months following the termination of the Agreement or the
Services for any reason, the Customer shall not offer employment to any employee of
the Supplier involved in performing the Services or induce or encourage the employee
to leave the Supplier’s employment without written consent from the Supplier.
17 Penetration testing notice
17.1 The laws of England and Wales apply to the delivery of the Services. Some of
these laws have particular relevance to technical testing engagements, particularly:
the Computer Misuse Act; the Police and Justice Act (section 35 to 38); the Serious
Crime act (part 2 section 41 to 44, 47, and 86); Human Rights Act (in particular,
Article 8); the General Data Protection Regulation; and Data Protection Act. As
covered in this Agreement, by engaging the Supplier in the Services, the Customer
confirms that they are the owner of the systems being tested, or have the permission
and delegated authority of the owner(s) to engage the Supplier in the Services.
17.2 Where the Supplier knowingly collects evidence that contains Personal Data, the
Supplier will destroy the collected Personal Data wherever possible at the final
Milestone. Where the evidence is required for reporting purposes, the Personal Data
will be anonymised.
17.3 The Supplier shall make reasonable endeavours to not exceed the Scope. Where
the Customer solely represents a business or other corporate entity, the Scope shall
not intrude into the private or family lives of members of staff. Where the Customer
represents a family or individual, the Customer understands that they are
commissioning a breach of the Human Rights Act and as such indemnifies and holds
the Supplier harmless with respect to all such breaches.
17.4 The Customer indemnifies the Supplier against prosecution for conducting
testing activities and agrees to hold the Supplier harmless in respect of the laws
specified in this section 17.
18 Notices
18.1 Any notice or other document to be served under this Agreement may be
delivered or sent by email, post or fax to the party to be served at its address stated
in this Agreement, or the last notified email address, postal address or fax number.
18.2 In proving service of a notice or document it shall be sufficient to prove that delivery
was made or that the envelope containing the notice or document was properly
addressed and posted as a prepaid first class or equivalent recorded delivery letter or
that the facsimile message was properly addressed and despatched, as the case may
be.
19 General Provisions
19.1 Assignment and Subcontracting: Neither party may assign, sub-license, transfer
or otherwise dispose of any of its rights, transfer or otherwise dispose of any of its
obligations under this Agreement without the prior written consent of the other.
Notwithstanding the above, the Supplier shall be free to subcontract its obligations
under this Agreement.
19.2 Amendments: Any amendment or waiver of this Agreement shall not be binding
on the parties unless set out in writing, expressed to amend or waive this Agreement
and signed by each of the parties.
19.3 Severability: If a provision of this Agreement is or becomes illegal, invalid or
unenforceable, that shall not affect the legality, validity or enforceability of any other
provision of this Agreement.
19.4 No partnership or agency: Nothing in this Agreement shall be deemed to
constitute a partnership between the parties, nor constitute either party the agent of
the other for any purpose.
19.5 Third Party Rights: No third party or other person who is not a party to this
Agreement may enforce any of its terms under the Contracts (Rights of Third Parties)
Act 1999.
19.6 Waivers: A waiver (whether express or implied) by one of the parties of any of
the provisions of this Agreement or of any breach of or default by the other party in
performing any of those provisions shall not constitute a continuing waiver and that
waiver shall not prevent the waiving party from subsequently enforcing any of the
provisions of this Agreement not waived or from acting on any subsequent breach of
or default by the other party under any of the provisions of this Agreement.
19.7 Further Assurance: Each party shall, at the request and cost of the other,
execute all documents and do all other acts, which may be necessary to give full effect
to this Agreement.
19.8 Costs: Each party shall pay its costs and expenses incurred by it in connection
with the entering into and completion of this Agreement.
19.9 Authority: Neither party shall have any authority to act or make representations
on behalf of the other party and nothing shall impose any liability on either party in
respect of any liability incurred by the other party.
19.10 Each person signing this Agreement represents and warrants that he or she is
duly authorized and has legal capacity to execute and deliver this Agreement. Each
party represents and warrants to the other that the execution and delivery of the
Agreement and the performance of such party’s obligations hereunder have been duly
authorized and that the Agreement is a valid and legal agreement binding on such
party and enforceable in accordance with its terms.
19.11 Whole Agreement: This Agreement and the documents referred to in it contain
the whole agreement between the parties relating to the Services contemplated by
this Agreement and supersede all previous agreements between the parties relating to
these Services. Each of the parties acknowledges that, in agreeing to enter into this
Agreement, it has not relied on any representation, warranty, collateral contract or
other assurance (except those set out in this Agreement and the documents referred
to in it) made by or on behalf of any other party before the signature of this
Agreement. Each of the parties waives all rights and remedies which, but for this
subclause, might otherwise be available to it in respect of any such representation,
warranty, collateral contract or other assurance, provided that nothing in this
subclause shall limit or exclude any liability for fraud.
20 Jurisdiction
20.1 This Agreement is governed by English law and each party irrevocably submits to
the jurisdiction of the English courts for all purposes relating to this Agreement.
YGHT Ltd, Terms and Conditions – 28 Aug 2024 Page 1 of 1