concerning
Acquisition of Cloud Services (SaaS, IaaS, PaaS and FaaS) and related support services
between
The Ministry of Taxation
Nicolai Eigtveds Gade 28
1402 København K
CVR no. (VAT no.) 34 73 04 66
(in the following referred to as the Customer)
and
[…]
(in the following referred to as the Supplier)
Table of contents
1. Definitions 4
2. Introduction and purpose 5
3. Subject matter and scope 6
3.1 Technical Requirements 7
3.2 Legal Requirements 7
3.3 Data Protection and Requirements on Information Security 7
3.4 CSR 8
4. Delivery 9
4.1 General 9
4.2 Place of delivery 9
4.3 Time of delivery 9
5. Intellectual Property Rights 9
6. Charges 10
7. Terms of payment 11
7.1 General 11
7.2 Invoicing 11
8. Assignment 11
9. Sub-suppliers 12
10. Confidentiality 12
11. Amendments 12
12. Duration and Termination for convenience 12
13. Obligations in connection with Termination 13
14. Interpretation and precedence of documents 13
15. Governing law and disputes 14
16. Signatures 14
List of Annexes
Annex 1 : Requirement Specification
Annex 2 : List of charges
Annex 3 : Data Processing Agreement
Annex 4 : Requirements on Information Security
Annex 5 : The Supplier’s description of Cloud Services and related support services and the Supplier’s Standard Terms for the provision of Cloud Services and related support services
1. Definitions
“Annex” shall mean any enclosures expressly mentioned in the Contract as an Annex.
“Cloud Services” shall mean the SaaS, IaaS, PaaS and FaaS services defined in clauses 2 and 3, including existing as well as developments and updates of SaaS, IaaS, PaaS, and FaaS services and as made available by the Supplier to the market as an integral part of the standard services.
“Commencement” shall mean the date of the latest signature of the Contract.
“Contract” shall mean this agreement with all its Annexes and any subsequent amendments.
“Customer” shall mean the Ministry of Taxation. When references to “Controller” of personal data are made in the Contract, it shall furthermore be read as references to the Customer and vice versa.
“Data” shall mean the personal data defined in Annex 3 to the Contract.
“Data Processing Agreement” shall mean the agreement between the Supplier and the Customer concerning the processing of Data, cf. Annex 3.
“FaaS” means ‘Function as a Service’ and represents a category of cloud computing services that provides a platform allowing customers to develop, run, and manage application functionalities without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. Building an application following this model is one way of achieving a ’serverless’ architecture, and is typically used when building microservices applications.
“IaaS” means ‘Infrastructure as a Service’ and represents online services that abstract the user from the details of infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc.
“PaaS” means ‘Platform as a Service’ and represents a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
“Party” shall mean the Customer or the Supplier, jointly the "Parties".
“Public Institution” Ministries, government agencies, state enterprises, independent public enterprises (in Danish referred to as "SOV"), municipalities, regions, public administrative bodies, municipal enterprises, boards and commissions as well as independent institutions essentially financed out of public funds. State-owned public companies and public companies with municipal participation are not covered.
”SaaS” means ‘Software as a Service’ and represents a way of delivering a cloud service where customers are able to access software applications over the internet.
“Standard Terms” shall mean the Supplier’s standard terms for the provision of Cloud Services and related support services, cf. Annex 5.
“Sub-annexes” shall mean any enclosures expressly mentioned in the Contract as a Sub-annex.
“Supplier” shall mean the supplier of the Cloud Services and related support services to be delivered under the Contract and the Party with whom the contracting authority has entered into the Contract. When references to “Processor” of personal data are made in the Contract, it shall furthermore be read as references to the Supplier and vice versa.
2. Introduction and purpose
The Contract concerns the delivery of Cloud Services and related support services.
The Contract covers the Cloud Services and related support services specified in the Contract – in particular Annexes 1 and 5, and any subsequent amendments hereof.
The Contract is entered into by the Department of the Ministry of Taxation. The Ministry of Taxation has established a number of Implementation Centres (within the Department), all of which have been tasked with creating new technical and organisational set ups for critical areas of the Danish tax administration, e.g. property valuation, tax recovery and customs.
The Implementation Center for Property Valuation (in Danish: Implementeringscenter for Ejendomsvurderinger (“ICE”)) has been tasked with developing a property valuation system. In connection with this work, ICE needs to make use of Cloud Services and related support services as specified in this Contract.
For this purpose, the Parties have entered into this Contract, pursuant to which the Customer will acquire Cloud Services and related support services.
The Customer expects to use the Cloud Services and related support services to run the property valuation system, which is in development. From conclusion of the Contract and until the property valuation system is commissioned in the Customer’s production environment the property valuation system will be operated in the Customer’s testing and development environment. The property valuation system is expected to be put into production in early 2018, however, it should be taken into consideration, that this may be subject to change, e.g. due to political decisions in the Danish Parliament. The Cloud Services and related support services will therefore cover both the Customer’s production and testing and development environments.
The organisational set-up of the Ministry of Taxation will, however, gradually change as from early 2017. Some existing agencies will continue unchanged and some will in whole or in part be merged into other existing agencies or agencies to be established. Therefore, the Customer needs to ensure a great level of flexibility concerning the use of the Cloud Services and related support services as well as the ability to assign the rights and obligations in whole or in part under the Contract, cf. clause 8.
Following the commission of the property valuation system the Customer expects to assign the responsibility for the Customer’s production environment (including Cloud Services and related support services covered by this Contract) in the property valuation system to an agency within the group of the Ministry of Taxation. Further, during the term of the Contract, the Customer expects to assign the responsibility for the Customer’s testing and development environment in the property valuation system (including Cloud Services and related support services covered by this Contract) to an agency within the group of the Ministry of Taxation.
The Supplier acknowledges and agrees that:
(a) This Contract is the result of a tender procedure (see Contract Notice 2017/S 052-096270) carried out by the Customer in accordance with the Danish Public Procurement Act no 1564 of 15 December 2015 (“Udbudsloven”, i.e. the Danish implementation of Directive 2014/24/EU),
(b) the Customer has relied on the Supplier's representations about content and quality as stated in the tender and the Contract.
3. Subject matter and scope
The Supplier shall provide the Cloud Services in accordance with this Contract and in particular the Standard Terms, cf. Annex 5, and as requested and used by the Customer at any time during the Contract.
The Supplier shall furthermore provide the support services in accordance with this Contract and in particular the Standard Terms, cf. Annex 5, and the support tier requested and used by the Customer at any time during the Contract and in accordance with Annex 5. For the provision of the support services the Customer has initially chosen the support tier [to be filled in by the Customer upon Contract award], cf. Annex 1.
The quantitative usage of the individual services of the Cloud Services and related support services may vary substantially in the duration of the Contract. The Customer shall furthermore have the right to switch between various versions of the Cloud Services and related support services, such as geographical location of datacentres, support tiers etc. in accordance with Annex 5.
The Supplier is obligated to deliver such scaling of the Cloud Services and related support services.
The Supplier shall provide updates and further developments of the Cloud Services and related support services in accordance with the requirement specification, cf. Annex 1, and the Standard Terms, cf. Annex 5.
In case the Supplier markets new functions and/or new individual services or updates of existing functions and/or services as part of the Cloud Services and/or support services delivered under the Contract, the Customer shall be entitled to use such new or improved functions and/or individual services as part of the Cloud Services and/or support services in accordance with this Contract.
3.1 Technical Requirements
The Supplier shall ensure, that during the term of the Contract, the Cloud Services and related support services and the delivery hereof comply in all respects to the specifications and requirements of this Contract and in particular Annexes 1 and 5.
3.2 Legal Requirements
The Cloud Services and related support services and the provision hereof shall comply with all relevant mandatory laws and regulations in force at any time, including the Danish Act on Processing of Personal Data[1], which implements the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the Executive Order on Data Safety[2], and the Regulation 2016/679/EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, cf. below.
The Supplier is made specifically aware, that the enacted Regulation 2016/679/EU on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which will replace the above mentioned Act and Directive, applies to this Contract from the date of its entering into force, i.e. 25 May 2018. Any additional requirements applied on the Supplier due to this Regulation shall be implemented by Supplier. Any additional requirements applied on the Customer due to the Regulation, which cannot be solved without the assistance of the Supplier shall be supported by the Supplier. Implementation and assistance in this regard to the extent necessary shall take place at no cost to the Customer.
Data covered by this Contract shall remain within the EU and/or EEA, cf. Annex 3. The necessary measures taken by the Customer in this regard, are reflected in the Contract and in particular in Annexes 1, 3 and 4.
3.3 Data Protection and Requirements on Information Security
During the term of this Contract, the Supplier of the Cloud Services and related support services will act as Processor of Data on behalf of the Customer (being the Controller of the Data). The Processor performs commissioned data processing within the meaning of Section 3 (2) of the Danish Act on Processing Personal Data. Compliance with this law includes compliance with the appropriate safeguards and requirements specified in Annex 3. The entering into of the Data Processing Agreement, cf. Annex 3, and the Contract shall take place simultaneously. The entering into of the Data Processing Agreement is as such a prerequisite for the validity of the signed Contract and vice versa.
The Supplier shall ensure, that during the term of the Contract, the Supplier as well as the Cloud Services and related support services provided comply in all respects to the requirements on information security as set forth in Annex 4.
The Parties agree, that the Supplier’s non-compliance with or breaches of requirements clauses 3, 6 and 9 of the Annex 3 and/or requirements stated in section 2.1.7, 2.1.8, 2.1.10 and 2.1.16 of the Annex 4, are individually or collectively considered to be material breaches of the Contract. The same applies to non-compliance with or breaches of requirements concerning direct or indirect transfer of Data to countries outside the EU and/or EEA, requirements concerning processing, including storage and back-up in countries outside the EU and/or EEA and requirements concerning support performed by personnel located outside the EU and/or EEA. The Customer shall in respect of such non-compliance and/or breaches be entitled to make use of all rights in accordance with applicable Danish law, including the right to terminate the Contract immediately and without further notice. Notwithstanding such termination for breach, the Supplier shall comply with the obligations stipulated in clause 13.
The Supplier is liable in accordance with Danish law for any damage, including damages to third parties, caused by the Supplier’s failure to comply with the information security requirements stipulated in Annex 4 and/or the obligations imposed on the Supplier pursuant to the Supplier’s capacity as Processor of Data, cf. Annex 3.
3.4 CSR
3.4.1 Fundamental principles and rights
During the performance of the obligations of the Contract, the Supplier shall comply with all applicable laws governing the Supplier’s provision of the Cloud Services and related support services no matter where these are carried out, cf. clause 3.2, including regulation of human rights, anti-corruption and environment.
The Supplier and any sub-suppliers shall further observe the provisions of the fundamental ILO conventions nos. 29, 87, 98, 100, 105, 111, 138 and 182 and the UN Declaration of Human Rights.
Serious and/or repeated failure to comply with this clause will constitute a material breach that entitles the Customer to terminate the Contract immediately and without further notice. Notwithstanding such termination for breach, the Supplier shall comply with the obligations stipulated in clause 13.
3.4.2 Labour clause
The Supplier shall ensure that the employees of the Supplier, and any sub-suppliers who contribute to the performance of the Contract, are secured pay, including special allowances, hours of work and other working conditions which are not less favourable than those established for work of the same character under a collective agreement entered into by the most representative organizations of workers and employers in Denmark in the trade or industry concerned being in force throughout the territory of Denmark.“Contribute to the performance of the Contract” shall mean work performed in Denmark for the performance of the Contract.