1. AGREEMENT
1.1 The “Agreement” means: (i) the applicable purchase order issued by AMEC-EUROPE; (ii) these General Terms and Conditions of Purchase (“General Terms”); and (iii) additional written agreements, if any, relating to the transaction signed by AMEC-EUROPE and the indicated provider such as a master agreement, statement of work or letter agreement (“Additional Agreements”). The Agreement is the sole and exclusive agreement between the indicated provider (“Supplier”) and AMEC-EUROPE with respect to the goods and/or services provided by Supplier under the applicable purchase order (collectively, “Deliverables”). By providing any Deliverables to AMEC-EUROPE, Supplier agrees it is bound by the Agreement. Supplier and/or AMEC-EUROPE may be referred to as a “Party” or “Parties” in these General Terms. “AMEC-EUROPE” means the AMEC-EUROPE entity that is a party to the Agreement and its Affiliates (collectively, “AMEC-EUROPE”).
1.2 In the event of any conflict among the terms of the Agreement, the following order of precedence will apply: (i) the applicable purchase order issued by AMEC-EUROPE; (ii) the Additional Agreements; and (iii) these General Terms.
1.3 An “Affiliate” means any entity, whether incorporated or not, that is controlled by or under common control with AMEC-EUROPE plc, a public limited company incorporated in United Kingdom with its registered office at Kemp House, 152 City Road, London EC1V 2 NX, UK (registration number 6435444) and its successors, where “control” means the ability, whether directly or indirectly, to direct the management and policies of another entity by means of ownership, contract or otherwise.
2. PERFORMANCE/ WARRANTIES
Supplier warrants and undertakes that the Deliverables will be free from defects in material and workmanship and will conform to any specifications or requirements in the Agreement or agreed upon by the Parties in writing. Supplier warrants that if any Deliverable(s) fails to meet any such specifications or requirements or is otherwise nonconforming, Supplier will, at its own cost and expense and within 10 days of its receipt of written notice of such failure, either correct such deficiency or provide a plan acceptable to AMEC-EUROPE for correcting such deficiency. If such deficiency is not corrected within such 10-day period or a corrective plan is not accepted by AMEC-EUROPE, AMEC-EUROPE will have the option to require Supplier to: (i) provide a full refund; or (ii) promptly replace or reperform the Deliverable(s) at no charge. All Deliverables will be subject to an inspection and acceptance by AMEC-EUROPE, even if the Parties have not set forth any specifications or requirements regarding the Deliverables in the Agreement.
3. DELIVERY
Prices will be based on delivery at the location specified by AMEC-EUROPE, with all duties, tariffs, freight, insurance and other costs related to transportation and delivery being the responsibility of Supplier. Title to and risk of loss/damage for goods remain with Supplier until the goods have been delivered, inspected and accepted by AMEC-EUROPE. Supplier is the importer and exporter of record. Supplier agrees to provide free replacement of goods lost or damaged in transit, at no additional charge, within 3 business days of receipt of notice from AMEC-EUROPE. For Supplier’s delivery of goods, time is of the essence. In the event Supplier does not deliver goods on time, AMEC-EUROPE may terminate the Agreement as provided for in Section 8.
4. PAYMENT, INVOICING, AUDIT AND TAXES
4.1 All prices are exclusive of VAT or similar taxes and will be in the official currency of the country where the AMEC-EUROPE entity in the Agreement is located.
4.2 Supplier is entitled to invoice AMEC-EUROPE after delivery has taken place in accordance with Section 3 above. Invoices will be addressed to the invoicing department of the AMEC-EUROPE entity in the Agreement. All invoices submitted to AMEC-EUROPE must include adequate documentation, including, as applicable: (i) a statement that the Deliverables comply with the provisions of the Agreement; (ii) an explanation of the Deliverables provided during the period covered by the invoice, including applicable purchase order number, invoice number, invoice date, name of the requestor, description of the Deliverables and the corresponding price; and (iii) if expense reimbursement is provided for in the Agreement in relation to Supplier’s services, itemized expenses with receipts or other documentation if a receipt is unavailable.
4.3 AMEC-EUROPE will make payment within 60 days after receipt of Supplier’s valid invoice in accordance with the Agreement. Payment of an invoice (in whole or in part) will not be deemed acceptance of any Deliverables.
4.4 AMEC-EUROPE is entitled to postpone and/or offset payment if the Supplier owes AMEC-EUROPE money for any reason or if AMEC-EUROPE disputes the amount due in good faith.
4.5 During the term of the Agreement and for a period of 3 years thereafter, AMEC-EUROPE will have the right, at its expense, to audit the books and records of Supplier related to Supplier’s activities under the Agreement.
4.6 Applicable taxes will be billed as a separate item or line item. AMEC-EUROPE will pay sales, use, value added, goods and services, and all other similar taxes imposed by any official, authorized governmental entity for Deliverables provided under the Agreement, excluding taxes based solely on Supplier’s income or property. AMEC-EUROPE will pay such tax(es) in addition to the sums due under the Agreement provided that Supplier itemizes them on a proper invoice. AMEC-EUROPE reserves the right to request proof of payment if previously paid by Supplier. If AMEC-EUROPE is required to withhold or deduct any taxes from any payment, AMEC-EUROPE will not be required to “gross up” the amount of such payment and will pay the total amount reflected on the invoice less the applicable withholding taxes. The Parties will cooperate in good faith to minimize taxes to the extent legally permissible. Each Party will provide and make available to the other Party any resale certificates, treaty certifications and other exemption information reasonably requested by the other Party. Notwithstanding the foregoing, provided AMEC-EUROPE furnishes Supplier with a copy of a resale exemption certificate, no sales taxes will be billed to AMEC-EUROPE.
- OWNERSHIP OF DELIVERABLES & INTELLECTUAL PROPERTY RIGHTS 5.1 Supplier hereby assigns and grants to AMEC-EUROPE all rights and licenses necessary for AMEC-EUROPE to access, use, transfer, and sell the Deliverables and to exercise the rights granted under the Agreement, and pass-through the same to its Affiliates and designated users, for the use and benefit of AMEC-EUROPE and in providing services to AMEC-EUROPE’s clients and business partners. Except with respect to any proprietary materials, programs, and documentation provided by Supplier or its suppliers and in existence prior to the services being performed under the Agreement (“Pre-Existing Materials”), all right, title and interest in the Deliverables, including all intellectual property rights, will be the exclusive property of AMEC-EUROPE, to the extent permitted by applicable law. Supplier hereby assigns to AMEC-EUROPE ownership of all right, title and interest in the Deliverables (excluding Pre-Existing Materials) and waives any moral rights therein, to the extent permitted by applicable law.
- Supplier hereby assigns and grants to AMEC-EUROPE an irrevocable, nonexclusive, worldwide, perpetual and fully paid-up right and license to use and modify the Pre-Existing Materials to the extent necessary for AMEC-EUROPE to use the Deliverables as provided for in Section 5.1 above. Pre-Existing Materials or open source software will not be incorporated into any Deliverable without AMEC-EUROPE’s prior written approval.
- To the extent the Deliverables consist of software, AMEC-EUROPE will be entitled to install and use the software on equipment owned or controlled by AMEC-EUROPE or on cloud platforms provided by third parties. For avoidance of doubt, to the extent that any Deliverables consist of cloud-based services, such cloud-based services may be used by AMEC-EUROPE as provided for in Section 5.1 above.
- Supplier agrees to defend, hold harmless and indemnify AMEC-EUROPE from any claim that a Deliverable (or any portion thereof) infringes or misappropriates any intellectual property right of a third party. In addition, if a claim of infringement is made, Supplier will, at its own expense, promptly exercise the first of the following remedies that is practicable: (i) obtain for AMEC-EUROPE the rights granted under the Agreement; (ii) modify the Deliverable so it is non-infringing and in compliance with the Agreement; (iii) replace the Deliverable with a non-infringing one that complies with the Agreement; or (iv) accept the return or cancellation of the infringing Deliverable and refund any amount paid.
6. COMPLIANCE WITH LAWS
6.1 Supplier represents and warrants that it is aware of, understands, has complied with, and will comply with, all laws applicable to Supplier in the performance of the Agreement, including but not limited to: (i) anti-corruption laws such as the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and other local anti-corruption laws; (ii) data privacy laws, regulations and regulatory guidance, such as the EU’s General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”); (iii) export/import and economic sanctions laws (“Trade Control Laws”); (iv) immigration, labor and employment laws; (v) employment opportunity and anti-discrimination laws; and (vi) environmental laws. Supplier will not provide any Deliverables to AMEC-EUROPE that would cause a violation of any such laws.
6.2 Unless otherwise agreed in writing, the Supplier will not provide any Deliverables to AMEC-EUROPE that require an export license or other form of government authorization under applicable Trade Control Laws to transfer or use in connection with the Agreement. Upon request, the Supplier will provide AMEC-EUROPE with the export control classification under applicable Trade Control Laws of any Deliverables provided in the performance of the Agreement.
6.3 Supplier will promptly notify AMEC-EUROPE of its violation of any applicable laws in its performance of the Agreement, and will defend, hold harmless and indemnify AMEC-EUROPE for any violation of such laws or a breach of Section 14.
7. LIABILITY AND INSURANCE
7.1 To the extent permitted by law, in no event will AMEC-EUROPE be liable for any lost revenues, lost profits, incidental, indirect, consequential, special or punitive damages. To the extent permitted by law, in no event will AMEC-EUROPE’s aggregate liability to Supplier for all claims exceed the total price payable by AMEC-EUROPE to Supplier under the Agreement.
7.2 Supplier will obtain and maintain all applicable and appropriate insurance, (including, without limitation, business, workers’ compensation, auto, errors and omissions, professional and commercial general and liability insurance) in an amount consistent with Supplier’s industry practice. If Supplier will have any access to personal data under the Agreement, such insurance will include cyber liability (data privacy) coverage.
8. TERMINATION
AMEC-EUROPE may immediately terminate the Agreement for its convenience (for any or no reason) at any time, in whole or in part, by providing written notification to Supplier. Unless expressly provided for in the Agreement, AMEC-EUROPE will have no obligation to pay any early termination fee or extra charges in relation to such termination.
9. CONFIDENTIALITY AND PUBLICITY
9.1 Supplier will keep the existence, nature and the content of the Agreement, AMEC-EUROPE Data (as defined in Section 14.1), and any other information of AMEC-EUROPE, confidential and not disclose it to any other person. Supplier will ensure that its personnel, contractors and agents (collectively, “Personnel”) are aware of, and have committed to, confidentiality and legal obligations with respect to such information. Supplier will not make any reference to the Agreement, its terms, business information, or use AMEC-EUROPE’s name, logo or trademark in any public announcements, promotions or any other communication without AMEC-EUROPE’s prior written consent.
9.2 Supplier may only use such confidential information for the purpose of performing its obligations under the Agreement.
9.3 Upon: (i) expiration or termination of the Agreement; or (ii) the request of AMEC-EUROPE; Supplier will return all confidential information of AMEC-EUROPE and AMEC-EUROPE Data or delete such information.
10. ASSIGNMENT AND SUBCONTRACTING
10.1 Supplier is engaged as an independent contractor. Nothing in the Agreement will be deemed or construed to create a joint venture, partnership or employment relationship between AMEC-EUROPE and Supplier (including its Personnel). AMEC-EUROPE will have no liability or responsibility for Supplier’s Personnel. Supplier will remove Personnel from any assignment under the Agreement, for any lawful reason at AMEC-EUROPE’s sole and reasonable discretion.
10.2 Supplier will not assign, transfer or subcontract the Agreement or its rights or obligations (including its data privacy obligations) to any third party (whether resulting from a change of control, merger or otherwise) without AMEC-EUROPE’s prior written consent. In any event Supplier will remain solely responsible for any and all acts, errors or omissions of its subcontractors (including its sub processors).
10.3 AMEC-EUROPE’s rights, benefits and/or obligations under the Agreement may be assigned or transferred to any Affiliate. Supplier hereby provides its consent in advance for such assignment or transfer.
11. SUPPLIER STANDARDS OF CONDUCT
AMEC-EUROPE is committed to conducting its business free from unlawful, unethical or fraudulent activity. Supplier will act in a manner consistent with the ethical and professional standards of AMEC-EUROPE as described in the AMEC-EUROPE Supplier Standards of Conduct, including prompt reporting of unlawful, fraudulent or unethical conduct. A copy of these standards can be found at
https://amec-europe.com/imprint/
12. GOVERNING LAW AND DISPUTES
12.1 The Parties will make good faith efforts to resolve, in a confidential manner, any dispute which may arise under the Agreement, by escalating it to higher levels of management, prior to resorting to litigation or other legal process.
12.2. The Agreement and any dispute or matter arising under it will be governed by the laws of the country where the AMEC-EUROPE entity in the Agreement is located, without giving effect to conflict of laws rules. Subject to Section 12.1, the courts of such country will have exclusive jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
13. GENERAL
13.1 No delay or failure by either Party to exercise any of its powers, rights or remedies under the Agreement will operate as a waiver of them. For purpose of the Agreement an email will be deemed to be “written” or a “writing”.
13.2 If any part of the Agreement is found to be invalid, unlawful or unenforceable then such part will be severed from the remainder of the Agreement which will continue to be valid and enforceable to the fullest extent permitted by law.
13.3 Any changes to the Agreement will be valid and binding only if such changes are set forth in a written agreement signed by Supplier and AMEC-EUROPE. Any clickthrough, online or other terms or licenses accompanying any Deliverables are null and void and will not bind AMEC-EUROPE. The Parties expressly agree that any counter offer by Supplier or terms contained in the Supplier’s response to, or acknowledgment or acceptance of, the Agreement, if any, that are additional to, or different from, the terms set forth in the Agreement will not apply and are hereby expressly rejected by AMEC-EUROPE.
13.4 The provisions of these General Terms, which by their nature survive termination or expiration, including but not limited to provisions 1, 4, 5, 6, 7, 9, 12, 13, 14 and 15, will survive any termination or expiration of the Agreement.
14. DATA PROTECTION AND PRIVACY
14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing AMEC-EUROPE Personal Data. “AMEC-EUROPE Personal Data” means personal data owned, licensed, or otherwise controlled or processed by AMEC-EUROPE including personal data processed by AMEC-EUROPE on behalf of its clients. “AMEC-EUROPE Data” means all information, data and intellectual property of AMEC-EUROPE or its clients or other suppliers, collected, stored, hosted, processed, received and/or generated by Supplier in connection with providing the Deliverables to AMEC-EUROPE, including AMEC-EUROPE Personal Data. 14.2 If Supplier processes AMEC-EUROPE Personal Data in the course of providing Deliverables to AMEC-EUROPE or fulfilling its obligations under the Agreement, Supplier will: (i) only process AMEC-EUROPE Personal Data in accordance with the written instructions of AMEC-EUROPE or to the extent reasonably necessary for the performance of the Agreement, and at all times in compliance with applicable laws; (ii) provide full cooperation and assistance to AMEC-EUROPE in ensuring that rights of individuals under applicable laws (including GDPR) are timely and appropriately addressed, for the fulfilment of AMEC-EUROPE’s obligations to comply with such laws; (iii) make all reasonable efforts to ensure that AMEC-EUROPE Personal Data is accurate and up-to-date at all times while in its custody or under its control, to the extent Supplier has the ability to do so; (iv) fully assist and cooperate with AMEC-EUROPE and its clients in ensuring their compliance with applicable laws, including Articles 32 to 36 of GDPR where applicable. Supplier will make available to AMEC-EUROPE and/or any supervisory authority all information necessary to demonstrate Supplier’s compliance with the Agreement and applicable laws, and allow for and contribute to audits and inspections conducted by AMEC-EUROPE; (v) not retain any AMEC-EUROPE Personal Data for longer than is necessary for the performance of the Agreement or as required by applicable law; and (vi) ensure that any sub-processor(s) (approved under Section 10.2) must be bound by a written agreement that includes the same data protection obligations as set out in the Agreement.
14.3 “Security Incident” means a known, or reasonably suspected, accidental or unauthorized loss, acquisition, disclosure, access, use or other form of compromise of AMEC-EUROPE Data. Supplier will implement and maintain commercially reasonable and appropriate physical, technical and organizational security measures, including those set out in Section 15 below, to protect AMEC-EUROPE Data against a Security Incident and all other unauthorized or unlawful forms of processing. Supplier will (i) notify Supplier’s point of contact at AMEC-EUROPE in writing and without undue delay, and any event within 48 hours of Supplier’s discovery of the Security Incident; and (ii) investigate the Security Incident, taking all necessary steps to eliminate or contain the Security Incident, including cooperating with AMEC-EUROPE’s remediation efforts, mitigating any damage, and developing and executing a plan, subject to AMEC-EUROPE´s approval, that promptly reduces the likelihood of a recurrence of the Security Incident.
14.4 Supplier will notify AMEC-EUROPE promptly in writing of any investigation, litigation, arbitrated matter or other dispute relating to Supplier’s or its subcontractors’ information security or privacy practices.
14.5 Supplier will not transfer, access or otherwise process AMEC-EUROPE Personal Data which originates from the EEA to/from jurisdictions outside of an Approved Jurisdiction, without first entering into a legally valid data transfer mechanism(s) and/or additional agreement(s) with AMEC-EUROPE. “Approved Jurisdiction” means a member state of the European Economic Area (EEA) or any other jurisdiction or sector as may be approved by the European Commission as ensuring adequate legal protections for personal data.
15. INFORMATION SECURITY
15.1 Industry Standards. Supplier will implement appropriate technical and organizational security measures that comply with Industry Standards in all applicable goods, services, equipment, software systems and platforms that Supplier uses to access, process and/or store AMEC-EUROPE Data. “Industry Standards” means security measures that are commercially reasonable in the information technology industry and that are designed to ensure the security, integrity, and confidentiality of AMEC-EUROPE Data, and to protect against Security Incidents.
15.2 Illicit Code. Except for the functions and features expressly disclosed in Supplier’s documentation made available to AMEC-EUROPE, Deliverables will be free of any programs, subroutines, code, instructions, data or functions, (including but not limited to viruses, malware, worms, date bombs, time bombs, shut-down devices, keys, authorization codes, back doors or passwords allowing Supplier access) that may result in any inoperability, damage, interruption, or interference of the Deliverables or any equipment on which the Deliverables reside or with which the Deliverables are capable of communicating.
15.3 Security of All Software Components. Supplier will inventory all software components (including open source software) used in Deliverables and provide such inventory to AMEC-EUROPE upon request. Supplier will assess whether any such components have any security defects or vulnerabilities that could lead to a Security Incident. Supplier will perform such assessment prior to providing AMEC-EUROPE with access to such software components and on an on-going basis thereafter during the term of the Agreement. Supplier will promptly notify AMEC-EUROPE of any identified security defect or vulnerability and remediate same in a timely manner. Supplier will promptly notify AMEC-EUROPE of its remediation plan. If remediation is not feasible in a timely manner, Supplier will replace the subject software component with a component that is not affected by a security defect or vulnerability and that does not reduce the overall functionality of the Deliverable(s).
15.4 Security Assessment. If AMEC-EUROPE reasonably determines, or in good faith believes, that Supplier’s security practices or procedures do not meet Supplier’s obligations under the Agreement, then AMEC-EUROPE will notify Supplier of the deficiencies. Supplier will without unreasonable delay: (i) correct such deficiencies at its own expense; (ii) permit AMEC-EUROPE, or its duly authorized representatives, to assess Supplier’s security-related activities that are relevant to the Agreement; and (iii) timely complete a security questionnaire from AMEC-EUROPE on a periodic basis upon AMEC-EUROPE’s request. Security issues identified by AMEC-EUROPE will be assigned risk ratings and an agreed-to timeframe to remediate. Supplier will remediate all the security issues identified within the agreed to timeframes. Upon Supplier’s failure to remediate any high or medium rated security issues within the stated timeframes, AMEC-EUROPE may terminate the Agreement in accordance with Section 8 above.
15.5 Application Hardening. Supplier will comply with this Section 15.5 if Supplier is providing AMEC-EUROPE with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will maintain and implement secure application development policies, procedures, and standards that are aligned to Industry Standard practices (e.g., SANS Top 35 Security Development Techniques and Common Security Errors in Programming and the OWASP Top Ten project). This applies to web application, mobile application, embedded software, and firmware development. All Personnel responsible for application design, development, configuration, testing, and deployment will be qualified to perform such activities and receive appropriate training on such policies, procedures, and standards.
15.6 Infrastructure Vulnerability Scanning. Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.
15.7 Application Vulnerability Assessment. Supplier will comply with this Section 15.7 if Supplier is providing AMEC-EUROPE with access to or the use of any software, including software-as-a-service or cloud-based software. Supplier will perform an application security vulnerability assessment prior to any new release. The test must cover all application and/or software vulnerabilities defined by the OWASP or those listed in the SANS Top Cyber Security Risks or its successor current at the time of the test. Supplier will ensure all high-risk vulnerabilities are resolved prior to release. Supplier will provide a summary of the test results including any open remediation points upon request. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days
15.8 Penetration Tests and Security Evaluations of Websites. Supplier will perform a comprehensive penetration test and security evaluation of all systems and websites involved in providing Deliverables prior to use and on a recurring basis no less frequent than quarterly. Supplier will have an industry recognized independent third party perform one of the quarterly tests. Supplier will have a defined process to address any findings, but any high-risk vulnerabilities must be addressed within 30 days. Supplier will provide a summary of such tests and evaluations, including any open remediation points, to AMEC-EUROPE upon request.
15.9 Asset Management. Supplier will: i) maintain an asset inventory of all media and equipment where AMEC-EUROPE Data is stored. Access to such media and equipment will be restricted to authorized Personnel; ii) classify AMEC-EUROPE Data so that it is properly identified and access to it is appropriately restricted; iii) maintain an acceptable use policy with restrictions on printing AMEC-EUROPE Data and procedures for appropriately disposing of printed materials that contain AMEC-EUROPE Data when such data is no longer needed under the Agreement; iv) maintain an appropriate approval process whereby Supplier’s approval is required prior to its Personnel storing AMEC-EUROPE Data on portable devices, remotely accessing AMEC-EUROPE Data, or processing such data outside of Supplier facilities. If remote access is approved, Personnel will use multi-factor authentication, which may include the use of smart cards with certificates, One Time Password (OTP) tokens, and biometrics.
15.10 Access Control. Supplier will maintain an appropriate access control policy that is designed to restrict access to AMEC-EUROPE Data and Supplier assets to authorized Personnel. Supplier will require that all accounts have complex passwords that contain letters, numbers, and special characters, be changed at least every 90 days, and have a minimum length of 8 characters.
15.11 Cryptography. Supplier will maintain policies and standards on the use of cryptographic controls that are implemented to protect AMEC-EUROPE Data. 15.12 Secure Disposal or Reuse of Equipment. Supplier will verify that all AMEC-EUROPE Data has been deleted or securely overwritten using Industry Standard processes, prior to disposal or re-use of equipment containing storage media.
15.13 Operations Security. Supplier must enable logging and monitoring on all operating systems, databases, applications, and security and network devices that are involved in providing Deliverables. Supplier will maintain anti-malware controls that are designed to protect systems from malicious software, including malicious software that originates from public networks. In addition, Supplier will use anti-malware software (of Industry Standard or better quality), maintain such software at the then current major release, purchase maintenance & support available from the vendor for such software, and promptly implement new releases and versions of such software.
15.14 Information Transfer and Storage. Supplier will use Industry Standard encryption to encrypt AMEC-EUROPE Data that is in transit. Supplier will also use Industry Standard encryption to restrict access to AMEC-EUROPE Data stored on physical media that is transported outside of Supplier facilities.
15.15 Workstation Encryption. Supplier will require hard disk encryption of at least 256-bit Advanced Encryption Standard (AES) on all workstations and/or laptops used by Personnel where such Personnel are accessing or processing AMEC-EUROPE Data.