Skip to main content
Contact
Get in touch

Terms and Conditions for MooD Business Architect, MooD Active Enterprise Software and Related Services

1 Scope – The provision, by CACI Limited (“CACI”) to the Client, of the licence to use CACI’s proprietary software (“Software”), third party proprietary software (“Third Party Software”), maintenance, support, hosting and/or consultancy services (“Services”) and any related documentation (“Documentation”), as specified in the agreed order form (“Order Form”), is pursuant to these Terms and Conditions, and where Third Party Software forms all or part of the deliverables, shall include any applicable end user licence terms either referred to in the Order Form or otherwise notified to the Client (the “EUL”). The Order Form, these Terms and Conditions and any EUL shall together constitute the “Agreement”. Any Order Form that has not been signed by the Client shall nonetheless be treated as having been accepted by the Client if the Client has permitted or agreed to CACI commencing the work described therein. The time of provision of the Services shall not be of the essence of this Agreement. The Client undertakes to provide a Purchase Order reference number in a timely manner, on or before entering into the Agreement.

2 Fees and Expenses – “Effective Date” means the earlier of the Licence Commencement Date set out in the Order Form, the date of shipment of the Software or the date of installation of the Software. The Client shall pay CACI the Annual Licence and Maintenance Fees in respect of the Software as set out in the Order Form, to be invoiced on or around the Effective Date and thereafter 30 days prior to each anniversary of the Effective Date. In addition, the Client shall pay CACI Services Fees on a fixed fee or time and materials basis at the daily rates, as set out in the Order Form. The Services Fees are based on a 7.5 hour working day. Any additional hours may be charged extra. Any agreed evening work, Saturdays, Sundays and Bank/Public Holidays will be charged at double time. CACI shall invoice the Client for the Services Fees either in advance in accordance with an agreed payment schedule detailed in the Order Form or monthly in arrears. Unless otherwise agreed all fees are exclusive of expenses. All reasonably necessary expenses including subsistence and travel incurred by CACI in the performance of its duties will be invoiced at cost unless otherwise agreed. All invoices under this Agreement shall be payable within thirty (30) days of the date of each invoice. For the second and each succeeding year of the term of the Agreement, the Annual Licence and Maintenance Fees may be increased by no more than the percentage increase in the RPI published by the Office of National Statistics or any successor Ministry or Department for the calendar month preceding the relevant anniversary date of the Effective Date.

3 Warranty and Acceptance – CACI warrants that the Services will be performed with reasonable care and skill and by competent and qualified personnel so that the Services conform to standards generally accepted in the information technology industry. The Client shall report any deficiencies in the Services to CACI in writing within 14 days of provision of the Services. If the Client fails to do so, the Client shall be deemed to have accepted the Services. The warranties, conditions or other terms stated in this Agreement are to the extent permitted by law in lieu of all others whether express or implied, including without limitation any implied warranties or conditions of satisfactory quality and fitness for a particular purpose all of which are expressly excluded.

4 Client’s Obligations – The Client will provide suitable facilities, administration, support and services free of charge. If CACI is delayed or precluded from starting or continuing to work due to the non-availability of the Client’s personnel, records, data, computers or any other cause within the control of the Client, CACI reserves the right to charge for any period of delay. The Client is responsible at all times for maintaining adequate backup tapes and for implementing safeguards to protect data and/or software contained in electronic memories or other devices.

5 Liability – Neither party excludes or limits liability for death or personal injury or fraud or fraudulent misrepresentation. CACI shall not be liable to the Client for any indirect or consequential loss, or for any loss of revenue (indirect or direct), loss of profits (indirect or direct), loss of business or goodwill, loss of, damage to, or corruption of data or loss of availability of data, howsoever caused and even if such loss was reasonably foreseeable or CACI had been advised of the possibility of the Client suffering such loss. Notwithstanding any other term in this Agreement, CACI’s aggregate liability for any claims, demands, damages, costs (including legal costs) and expenses resulting from any tortious act or omission and/or breach of this Agreement shall not exceed an amount equal to 125% of the total fees paid or payable by the Client under the Order Form that is the subject of a claim. Notwithstanding the foregoing, CACI shall not be liable to the Client for any loss, damage, cost or expense arising out of any failure by the Client to keep full and up-to-date security copies of software and data in accordance with best computing practice.

6 Confidential Information – “Confidential Information”: all information, data or material of whatsoever nature in any form which is necessary for either party to disclose to the other pursuant to this Agreement and anything the receiving party creates which is derived from or based upon the information data or materials disclosed to it by the disclosing party. It shall not include any information or materials which: (a) are in or enter into the public domain (other than as a result of disclosure by the receiving party or any third party to whom the receiving party disclosed such information); (b) were already in the lawful possession of the receiving party prior to the disclosure by the disclosing party; (c) are subsequently obtained by the receiving party from a third party who is free to disclose them to the receiving party; or (d) are required to be disclosed by law or regulatory authority. The receiving party agrees that it shall: (a) use the Confidential Information only to fulfil its obligations pursuant to this Agreement; (b) treat all Confidential Information of the disclosing party as confidential; (c) not, without the express written consent of the disclosing party, disclose the Confidential Information or any part of it to any person except to the receiving party’s directors, employees, parent company, agreed subsidiaries or agreed subcontractors, who need access to such Confidential Information for use in connection with the Services and who are bound by similar confidentiality and non-use obligations; and (d) comply as soon as practicable with any written request from the disclosing party to destroy or return any of the disclosing party’s Confidential Information (and all copies, summaries and extracts of such Confidential Information) then in the receiving party’s power or possession.

7 Licence Grant and Proprietary Rights – The Client shall procure that individual users of the Software (including its employees and contractors) comply with this Clause 7 and the Client shall be liable for any loss arising out a breach of this Clause 7 by such individual users. Unless otherwise agreed in writing, the Client shall be entitled to a non-exclusive, non-transferable licence for the term (as set out in the Order Form) to use the Software, the Third Party Software (subject to the terms and conditions set out in the applicable EUL) and Documentation for its own internal purposes upon payment in full of all fees as detailed in the Order Form. Subject to the terms of any applicable EUL, the Client may make one copy of any deliverable for disaster recovery purposes, another copy for the Client’s internal testing and training use and a reasonable number of backup copies exclusively for inactive archival purposes only. Except as set forth herein, the Client shall not reproduce the Software, in whole or in part. All titles, trademark symbols, copyright symbols and legends and other proprietary markings incorporated in, marked on, or affixed to any Software must be reproduced by the Client on every copy of all or any part of the Software and shall not be altered, removed or obliterated. The Client shall not modify the Software. The Client will not reverse engineer, disassemble or decompile the Software except and in so far as is necessary to achieve interoperability with another independently created computer program and provided that CACI was asked in writing to provide the information necessary to achieve the interoperability of an independently created computer program with the Software and failed to do so within a reasonable period of time. The copyright and all other intellectual property rights in the Software shall remain vested in CACI and its licensors. The Client shall use the Documentation for internal purposes only and in any event for the purposes of the Agreement. The Client shall not misuse or disclose the Documentation to any third party. Notwithstanding the foregoing, the Client shall at all times retain all rights, title and interest in any and all of its proprietary software and hardware, information and Confidential Information existing prior to the Effective Date of each applicable Agreement (“Client’s Property”). The Client grants CACI a non-exclusive licence to use the Client’s Property solely for the purpose of performing any Services.

8 Term and Termination – Each Agreement made pursuant to these Terms and Conditions shall commence on the Effective Date and shall continue for the Initial Term detailed in the Order Form and thereafter, unless either party gives the other party no less than 90 days’ written notice to terminate, such notice to expire on the third anniversary of the Effective Date or any subsequent anniversary thereafter. For an Order Form relating to consultancy Services only, the Agreement shall continue from the Effective Date until the date of delivery of the last deliverable or completion of the consultancy Services. The resource commitment and delivery plan in line with any project schedule agreed during project mobilisation shall apply. CACI will allocate resources to deliver the Software and Services in line with said project schedule. In the event of a delay outside of CACI’s control that results in the cancellation or postponement of said allocated resources, CACI will use reasonable endeavours to re-assign the resources to other project work. If it is not reasonably practicable to re-assign such resources CACI reserves the right to invoice the Client for any cancelled/postponed days in whole or part plus any expenses already incurred (said invoice for the cancelled/postponed days and expenses shall be in addition to any charges due for the delivery of the Services). Any other material changes to the project schedule shall require the written agreement of authorised representatives of both parties (the Client accepts that any such changes may affect the fees payable under Clause 2 above). In the event either party materially breaches any of its obligations in this Agreement (which breach has not been remedied within 30 days after written notice is given to the defaulting party specifying the breach) or if the Client fails to pay CACI any amount required to be paid under this Agreement, the party not in default may by written notice terminate the Agreement with immediate effect. On termination of this Agreement (howsoever arising), the Client shall immediately pay to CACI: (i) all outstanding unpaid invoices and interest; (ii) in respect of Services and Software which has been supplied but not yet invoiced for, CACI shall submit an invoice which shall be payable by the Client immediately; and (iii) the remainder of the fees that would have otherwise been payable had the Agreement not terminated, provided always that this subclause (iii) shall not apply where termination arises as a result of an act and/or omission of CACI. The parties’ rights and obligations under Clauses 2, 3, 4, 5, 6, 7, 8 and 10 shall survive termination of this Agreement. Termination shall not limit either party from pursuing any other remedies available to it. CACI reserves the right to deactivate the Software remotely upon termination of any Agreement and/or to demand written certification of the deletion of the Software from any and all systems of the Client.

9 Force Majeure – Neither party shall be responsible or liable for any damage, delay or failure in the performance of its obligations hereunder (except failure to pay) caused by strike, fire, storm, flood, explosion, power failure, war, riot, acts of terror, act of government or of public or local authority or by any cause beyond its reasonable control.

10 General – All notices to be given hereunder shall be given in writing to the recipient at the address as either party may designate by notice to the other. Any concession or indulgence made by either party shall not be considered as a continuing waiver of its rights. This Agreement may not be transferred or assigned in whole or in part by the Client without the prior written consent of CACI. This Agreement supersedes any previous understandings between the parties and constitutes the entire understanding between CACI and the Client on all matters contained or referred to herein. In the event of any conflict between these Terms and Conditions and the Order Form, the provisions of the Order Form shall prevail. No additional term or variation shall be valid unless in writing signed by each party’s authorised representatives. Any terms and conditions in the Client’s purchase order are explicitly excluded. This Agreement shall be governed and construed in accordance with English Law and both parties accept the sole and exclusive jurisdiction of the English Courts. Should any provision be held unenforceable or contrary to law, the remaining provisions shall remain in full force and effect. Subject to the foregoing, the parties agree that any person who is not a party hereto shall have no right pursuant to the Contracts (Rights of Third Parties) Act 1999, however this shall not affect any right or remedy of a third party which exists or is available apart from that Act.

11 Data Protection – The following GDPR Clauses shall apply as between CACI and the Client:

Data Processing Schedule
DEFINITIONS:-
The following capitalised terms used in this Data Processing Schedule shall have the meaning set out in DP Legislation (e.g. in Article 4 of UK GDPR) as applicable; Controller, Data Subject, Processor, Processing (and Process and Processed shall be construed according to this definition of Processing), Personal Data, Personal Data Breach, Supervisory Authority (e.g. The Information Commissioner).

DP Legislation: all applicable data protection and privacy legislation in force from time to time in the United Kingdom including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder).

UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018, or any successor legislation in force in the UK and in either case as amended and/or updated from time to time.

Law: means the laws of England and Wales.

1. General
1.1 The parties agree that this Schedule only applies where CACI is the Processor under the Agreement and the Client is the Controller.

Article 28 UK GDPR compliant clauses
Details about the processing
2.1 The parties agree that this Schedule includes the following details about the Processing as set out in Annex 1 below:
2.1.1 the subject matter and duration of the processing of the Personal Data.
2.1.2 the nature and purpose of the Processing of the Personal Data.
2.1.3 the types of Personal Data to be Processed.
2.1.4 the categories of Data Subjects to whom the Personal Data relates.

Written Instructions
2.2 The Processor will only Process Personal Data in accordance with the Controller’s written instructions unless the Processor is required to act without such written instructions by Law.

Confidentiality
2.3 The Processor will ensure that only the Processor’s employees, consultants, directors and officers who need to Process the Personal Data under the Agreement shall have access to it and provided that in each case they have prior entered into a written agreement with the Processor that contains an obligation that such employees, consultants, directors and officers are obligated to keep information (including Personal Data) made available to them confidential.

Security
2.4 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks relating to its Processing of the Personal Data and in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise Processed. The Processor agrees to use the technical and organisational measures set out in in Annex 2 below.

Using sub-processors
2.5 The Processor shall not employ any sub-processor(s) without the prior specific or general written authorisation of the Controller. The Processor must notify the Controller of any changes it intends to make to the agreed sub-processor(s) and give the Controller a reasonable opportunity to object to such changes. The Processor shall enter into a written contract with each sub-processor which contains the same or substantially the same data protection obligations on the sub-processor as set out in this Schedule. The Processor agrees that it shall be fully liable to the Controller for performance of the sub-processor(s) obligations as required under UK GDPR and the contract entered into between the Processor and sub-processor.

Data Subjects’ rights
2.6 The Processor shall, subject to taking into account the nature of the Processing it carries out and by having appropriate technical and organisational measures in place, assist the Controller upon request to fulfil its obligations that relate to enabling Data Subjects to exercise their rights under DP Legislation, such as subject access requests, requests for rectification or erasure of Personal Data and making objections to Processing.

Assisting the Controller
2.7 The Processor shall, subject to taking into account the nature of the Processing it carries out and the information available to it, assist the Controller upon request in meeting its obligations under DP Legislation (i.e. under UK GDPR Articles 32 to 36) relating to:
2.7.1 keeping the Personal Data secure;
2.7.2 notifying Personal Data Breaches to the Supervisory Authority (in particular the Processor agrees to notify Controller as soon as reasonably practicable upon receipt of any communication, notice, request or complaint from a Data Subject; and notifying the Controller of any Personal Data Breach without undue delay once the Processor becomes aware of the breach and providing the Controller with such reasonable assistance and information in relation to such Personal Data Breach as the Controller requests);
2.7.3 advising the Data Subjects when there has been a Personal Data Breach;
2.7.4 carrying out data protection impact assessments (“DPIA”); and
2.7.5 consulting with the Supervisory Authority where the DPIA indicates there is an unmitigated high risk to the processing.

Return/deletion of Personal Data at the end of the Agreement
2.8 Unless required by Law to retain the Personal Data, the Processor shall upon termination or expiry of the Agreement, at the Controller’s choice, either delete or return to the Controller all of the Personal Data it has been Processing for the Controller.

Audits and Inspections
2.9 The Processor shall in relation to the Processing it carries out:
2.9.1 provide the Controller with all the information that is needed show that the Processor has met all of its obligations under this Schedule;
2.9.2 at the Controller’s request submit and contribute to audits and inspections that the Controller or the Controller’s appointed auditor carries out;
2.9.3 pursuant to Article 28.3(h) of UK GDPR immediately inform the Controller if, in its opinion, it has been given an instruction which does not comply with the UK GDPR.

Controller’s obligations
2.10 The Controller shall comply with its obligations under DP Legislation including in relation to its collection, processing and provision of Personal Data to the Processor in connection with the Agreement.

Additional Clauses

  1. Overseas transfers
    The Processor shall not transfer the Personal Data to any country or international organisation located outside the United Kingdom or the European Economic Area without the prior written consent of the Controller.
  1. Processor’s other obligations
    In addition to this Schedule the Processor has direct obligations under UK GDPR which the Processor agrees to comply with to the extent applicable (i.e. those obligations set out in Articles 27, 29, 30.2, 31, 32, 33 and 37). The Processor agrees that it has appointed a Data Protection Officer.

5. Liability

5.1 Subject always to Article 82 of UK GDPR, an overall cap of £25,000 and clause 5.2 below, the Processor shall only be liable to the Controller for any losses, damages and costs (including reasonable legal costs) arising from the Processor’s breach of this Schedule. The Processor shall only be liable for any payment to the Controller resulting from its breach of this Schedule to the extent that such payment has been ordered by a competent court in the UK, a legally binding decision of the Supervisory Authority or other regulatory body in the UK, or by way of a written agreement between the Controller and Processor after the breach arises.

5.2 Notwithstanding anything else contained in this Agreement, the Processor shall not be liable to the Controller for any loss of revenue, loss of profits, loss of goodwill, ex-gratia payments and/or any indirect loss.

  1. Miscellaneous
    6.1 Both parties shall comply with all applicable laws, statutes and regulations relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010.
    6.2 This Schedule supersedes all prior agreements, arrangements and understandings (and excludes any pre-Agreement communications of whatsoever nature) between the parties and constitutes the entire agreement between the parties relating to the subject matter hereof.
    6.3 Neither party shall assign or otherwise transfer this Schedule or any of its rights and obligations hereunder whether in whole or in part without the prior written consent of the other, such consent not to be unreasonably withheld or delayed.
    6.4 Neither party shall be liable for failure to perform its obligations hereunder due to fires, theft, adverse weather conditions, strikes, loss of internet connectivity, transport problems, terrorism, changes in English law that render the then-current obligations unlawful, or Governmental restriction.
    6.5 No term of this Schedule shall be enforceable by a third party.
    6.6 This Schedule shall be governed by the laws of England and the parties agree to submit to the exclusive jurisdiction of the English court in the event of a dispute.

Annex 1 – Details relating to the Personal Data and Processing pursuant to the Agreement.

Annex 2 – Details of technical and organisational security measures to protect the Personal Data and the Processing of such data.

CACI shall use the technical and organisational security measures required under its ISO27001 accreditation.
In particular, as part of CACI’s ISO27001 accreditation CACI maintains internal policies and procedures which are designed to:

a. ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
b. have back-up, archive and/or disaster recovery processes which are capable of restoring the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
c. minimise security risks, including through regular security risk assessment, evaluation and testing.

© 2025 CACI Limited. All rights reserved.