Working with contractors

This section provided guidance on the arrangements available under the member licence for you to use contractors in support of your business activities and where Licensed Data is being used.

Please remember that the Contractor Licence is there to help to protect you, the member, against any malpractice or breach of the licence by a contractor.

Note: This guidance only applies to our intellectual property rights and interests and does not supersede any third party IPR (for example, Royal Mail IPR).

There are three parts to this guidance about working with contractors: 

Tip: 'right click' a hyperlink to open it in a new browser tab. 

General guidance

What types of contractors can we use?

We have found that, broadly, there are three types of contractor. Those that:

  • are brought into your organisation (including temporary staff, secondees, interns, students and work experience) and where the individuals are regarded as being members of staff
  • charge and are paid for their services under formal agreement
  • are unpaid (and are likely to be volunteers supporting a particular activity or event)

The Member Licence allows you to work with all of them where they are supporting the delivery of your Core Business.

Which licence do I use with our contractors?

It depends on the type of contractor you are using.

You don’t need to use a licence where they are regarded as being an ‘employee’ of your organisation. This means they can have the same access rights as any other member of your organisation, including having access to the facilities available in the public sector members area of our website.

With paid contractors, as part of that service provision agreement, you need to ensure that the extent of use enabled by your Member Licence also applies to the contractor. This means they need to be made aware and have accepted them.

This is achievable by either issuing them with the 'standard form' of Contractor Licence provided by us, or by incorporating all the relevant clauses into your own bespoke version.

With unpaid contractors, because they are likely to be individuals or small groups (as opposed to businesses), it is better to use this End User Licence as it still allows the recipient to use the data - but without the same obligations.

Do we need to use a contractor licence with OS OpenData?

No.

This is provided that the only data products involved are OS OpenData products, data derived from them, or data that has been granted an exemption on Open Government Licence (OGL) terms

You will need to use a Contractor Licence if you are using a mixture of Licensed Data and OS Opendata (including derived data that has been 'exempted' to open data terms).

As a reminder, under the OGL terms, you are able to use the OS OpenData datasets in any way and for any purpose. We simply ask that you appropriately acknowledge the copyright and the source of the data.

For more information on OS OpenData licensing and products

Do we have to use the Contractor Licence provided by OS?

No.

What the Contractor Licence we are providing does is ensure that you are able to fulfil all the requirements as set out in clause 2.6.1 of the Member Licence.

Your obligation is to ensure that your version continues to meet those requirements; so you can create your own version and decide what form it takes.

This means that your contractor licence can be:

  • in paper or electronic form (including e-mails), 
  • as a ‘stand-alone’ document
  • or be appended/incorporated into another document you have created.
In creating our own version, what information do we need to include?

Your obligation is to ensure that your version continues to fulfil the requirements set out in clause 2.6.1 of the Member Licence.

So, if you are creating your own contractor licence(s), you should read both that and the Contractor Licence we are providing.

In essence, this means in your version you have to incorporate all the relevant sections and maintain all of the relevant the terms and conditions, including that the contractor is accepting that they:

  • can only use the data provided by you to the extent described by you (which also has to be within the use allowed under your Member Licence),
  • will acknowledge all copyright/database rights as they relate to your Member Licence;
  • will not to sub-license, distribute, sell or make available the Licensed Data to any party other than you, unless you have incorporated that into your licence as part of the extent of use
  • will confirm to you that,  upon completion of the works or any termination/expiry of the licence, they have either deleted all the data supplied by you from their (and any sub-contractor’s) live system, or destroyed/return the data (and any output generated)
    Note: they can retain a single ‘archived’ copy to support an audit or other regulatory check
  • will not use the data for your (or their) commercial purposes or financial gain;
Do we need to keep records about our use of contractors?

Yes.

Although OS will not normally need to see any Contractor Licence you issue, there are occasions when they are requested.

You should note that, as one of your obligations as an OS licensee, you could be called upon to provide us with all reasonably required assistance we need to be able to establish the source of the data and what terms of use had been attached. For example, if we are investigating any potential unauthorised use by a third party.

The format and methods you use for these records is entirely down to your own organisation’s business requirements, including how you manage the contract document registration.

Can you provide some examples of the records we should keep?

As some examples, which should also meet your own business requirements, the records can come from:

  • be paper (or scanned) records that include ink signatures
  • a digital management system that incorporates digital signatures
  • emails, where you have requested the contractor to reply with their acceptance confirmation.

The main requirement the records should be sufficent for retaining as evidence of who the contractor is/was and that they accepted the terms and conditions.

They should also include:

  • the purpose of the works/services being provided
  • the dataset(s) supplied and being used
  • the organisation's name (if relevant)
  • a contact name
  • the date of supply
  • the length of the contract
  • the licence you provided with the data (that is, Contractor, End User Licence)
How long can a contractor licence last for and are they transferable?

The lifespan of a Contractor Licence is entirely down to you and is dependent upon the scope of the works and or service being provided. For example, it could be for a single project or under a framework where a number of services are being provided.

However, the Contractor Licence is not transferable from one contractor to another. So, if the contract ends for any reason, then that licence also ends.

In addition, you need to bear in mind that the Contractor Licence can only be valid for the same length of time as your membership of one of the public sector agreements.

Can an individual be used as a contractor?

Yes.

But, you should use an End User Licence, which allows for the interaction with you, for this purpose.

You shouldn't use a Contractor Licence because you can't place the same obligations on a single person that you can with an organisation.

Can we use a community group as a contractor?

Yes

Whether you use a Contractor Licence or an End User Licence will depend on their constitution and structure.

For example, are you using a small voluntary group that has no legal structure (and which may have to be treated as an individual), or are they a 'not for profit' organisation such as community interest companies and some charities that have other obligations placed on them.  

Contractors and liabilities

What are the liability clauses about?

They set out the responsibilities and obligations of both you and your contractors in your relationship with OS.

There are liability clauses in both the Member licence (section 9) and the Contractor Licence (section 11). 

By way of background, there are different types of liability covered.

Attention usually focuses on those relating to Intellectual Property Rights (IPR) infringement. However, there are other liabilities covered, such as death/personal injury from negligence, fraud, competition law, Confidential Information and Free to Use Data.

If required, you should get your own legal advice on understanding what these clauses mean to you.

Are the liabilities for breaches of Intellectual Property Rights 'capped'?

No.

Should it become necessary (and in connection with the use data that OS manages the IPR in) OS is entitled to recover from you all amounts lawfully due in respect of breaches of IPR made by you and your contractors. 

How are the liability clauses set out in the contractor licence?

In the Contractor Licence that we provide, the liability position has been “back to backed”.

This means that, if a breach by a contractor results in a member being liable to OS under the terms of the Member Licence for IPR infringement (or one of the other “unlimited liability losses”), the contractor’s liability is, like the member’s own liability, uncapped.

The purpose of this is to ensure that if a member were found to be financially liable to OS as a result of a breach by its contractor, the member could recover the full amount from the contractor.

However, the Contractor Licence we provide also covers other types of losses, including for example, damage to a member’s own data or systems. For most of these other breaches the liability is capped (at up to £340,000).

The amount of such cap for these other losses is for the member to decide and the contractor to agree to, but depending on the nature and value of the work being carried out by the contractor (see clause 11.4).

For example, a useful starting point when considering the appropriate amount of the cap, is often the estimated total fees payable for the works the Contractor Licence applies to or, if the Contractor Licence is expected to run for several years, it may be more appropriate to cap liability at aggregate annual fees.

It is important that, if required, you should get your own legal advice on undertanding what these clauses mean to you.

Can we remove the liability clauses?

Yes.

But you should note that:

  • clause 2.6.7 of the Member Licence provides that you, the member, are liable for any act or omission by a contractor.
  • you (as the member) is the Licensor (and not OS) and are the one issuing the Contractor Licence.

This means that you can also decide to delete and or vary the liability clauses. This is because the terms of the Member Licence (clause 2.6.1) does not require you to include them.

However, in removing them, you should also be aware that, should it become necessary for OS to take action against you for a breach of the Member Licence - and found that your contractor caused it; you have also taken away your ability to reclaim any losses back from that contractor.

This is because clause 11.3 of the Contractor Licence indemnifies you, the member (rather than OS) against losses resulting from your contractor's breach of use of the Licensed Data.

Accordingly, you should carefully consider the increased risk to you of deleting or amending that clause and it is important that, if required, you should get your own legal advice before doing so.

What if we have removed the 'liability' clauses from a contractor licence?

In removing these liability clauses, you should also be aware that, should it become necessary for OS to take action against you for a breach of the Member Licence - and found that your contractor caused it; you have also taken away your ability to reclaim any losses back from that contractor.

This is because clause 11.3 of the Contractor Licence indemnifies you, the member (rather than OS) against losses resulting from your contractor's breach of use of the Licensed Data and you have also taken away your ability to reclaim any losses back from that contractor.

As a result, you should carefully consider the increased risk to you of deleting or amending that clause and it is important that, if required, you should get your own legal advice on making any changes to this provision.

What if a contractor wants to change the liability clauses?

Remember, it is you (as the member) are the Licensor (and not OS) and you are the one issuing the Contractor Licence.

As mentioned above, you can create your own version, provided to continue to set out the limitations of use contained in the Member Licence.

In your discussions with the contractor, of course you can also decide to delete and or vary the liability clauses. This is because the terms of the Member Licence (clause 2.6.1) does not require you to include them.

However, in removing them, you should also be aware that, should it become necessary for OS to take action against you for a breach of the Member Licence - and found that your contractor caused it; you have also taken away your ability to reclaim any losses back from that contractor.

This is because clause 11.3 of the Contractor Licence indemnifies you, the member (rather than OS) against losses resulting from your contractor's breach of use of the Licensed Data.

Accordingly, you should carefully consider the increased risk to you of deleting or amending that clause and it is important that, if required, you should get your own legal advice before doing so.

What happens in the event of a breach?

Unfortunately, it is not possible to answer this with definitive guidelines, because any case needs consideration on an individual basis.

However, the first step would invariably be to raise any breach with you, the member. This will usually be at an operational level (i.e. with the Principal Contact or Geographic Liaison Officer) but would be at a more senior level in the case of a serious breach.

Again, explaining what is meant by “serious” breach is not particularly easy, but it is fair to say that the most serious type of breach would probably be a wilful misuse of OS data, for example, attempting to sell OS datasets to third parties for unlimited commercial exploitation by the third party.

However, other less serious breaches, if they continue for a long period of time despite requests for them to cease, may at some stage also become “serious”.

You should note that, depending upon circumstances, the relevant Agreement Managers at BEIS/Scottish Government would be kept informed and or be involved.

Can you provide an example scenario?

Example scenario:

What happens if one of your contractors breaches its Contractor Licence without you (the member) knowing, such as keeping a copy without your knowledge and using it for other customers - would you be in breach of your Member Licence and who would OS pursue if discovered?

Answer:

In these circumstances, OS would generally look to work together with you, the member, to ensure that the contractor remedies any breach.

In doing so, we would expect you to be able to demonstrate that you have behaved in a professional manner with regards to the appointment and interaction with a contractor of yours.

This means, for example, that you should use the same degree of care in appointing a contractor that you would use where appointing a contractor to handle your own valuable information.

Equally, you should also have taken reasonable steps to ensure that the contractor has continued to act in accordance with its Contractor Licence, rather than, for example, passing the data over at the start and then ceasing to manage the relationship at all (i.e. through periodic performance reviews). this includes notifying us as soon as it suspects any infringement of OS’ IPR, including infringement by any contractor (see clause 4.1.3 of the Member Licence).

In the event that OS needed to seek financial damages for any breach, then assuming the above has been followed (e.g. you had not somehow condoned the breach, or failed to report a clear infringement), it is likely that we would seek to recover such damages from the contractor.

Nonetheless, the member should be aware, however, that the member is deemed to be liable for breaches by its contractor (see clause 2.6.7 of the Member Licence), and so OS would have the option of pursuing the member instead or as well as the contractor.)

 

Additional guidance

Can our contractors use their own contractor(s) for some of the work?

Yes they can.

The caveat is that there still needs to be a direct link with the member. This means that those additional (sub) contractors also need to have signed up to a comparable Contractor Licence with the same member for the same data.

In addition:

  • the works which each of you is undertaking for the member are related, and
  • the lead contractor does not receive any payment for any supply to their sub-contractor, and
  • the lead contractor obtains written confirmation (for example, a copy of the contractor licence) that the sub-contractor is licensed by the member for the data

Note: As members can create their own version of the contractor licence, an alternative way of doing this (and where all parties are known at the time when the contractor arrangement is set up) is to incorporate all the necessary information into a single document. You can then get all parties to accept the terms of the one licence.

For some examples of contractor arrangements

We are terminating a contractor licence, what can the contractor retain?

At the point of termination of the contract, they can only keep an archive copy. 

The only use still allowed by the contractor to enable them to respond to a complaint or challenge from a regulator or other third party regarding their use of the data during the period of the contracted works. 

They must have either destroyed (and confirmed so) or returned to you all other data collected.


Do we need to use a contractor licence when using ‘hosted’ services?

Yes - your use of a hosted service may require the use of a contractor licence.

We understand that the way that you may be using 'hosted' (including cloud) services can include:

  • using your own servers,
  • ‘leasing’ space from a 3rd party supplier (under some form of contract which will have service levels attached) as part of your network,
  • using a separate ‘hosted’ service.

In all the above scenarios, you are responsible for ensuring that any information you make available, by whatever route and the extent of that use is within the allowances of your Member Licence.

If you are using an intermediary to provide all (or part) of that 'hosted' service, then you are now using a contractor, so the incorporation of the contractor licence terms into that arrangement is required.

Note: Where you are using a third party web mapping Application Programming Interface (API), the position in respect of licensed data is that it is your responsibility as one of the licensees to determine whether any terms you are signing up to with your chosen third party’s API service are compatible with your licence with us. This included ensuring that those third party terms do not claim more wide-ranging or longer licence rights for the API provider than you are able to grant under the terms of your Member Licence.

See here for additional guidance on using web mapping services.