Confidentiality; Competition and Data Protection Safeguards Clause
1. Definitions
1.1 Confidential Information means all non-public information disclosed by or on behalf of a party (Discloser) to the other party (Recipient), whether oral, visual, written, electronic, or in any other form, including: business plans; financial information; product or service roadmaps; source code and technical information; trade secrets; customer and prospect lists and records; supplier and channel partner lists; contract terms; marketing plans; and all analyses, compilations, notes, memoranda, or other materials derived from or containing such information. Confidential Information includes Competitively Sensitive Information and Personal Data.
1.2 Competitively Sensitive Information (CSI) means information that could reduce strategic uncertainty between actual or potential competitors, including current or future prices or pricing strategy; discounts or rebates; margins; costs; capacity; production volumes; customer- or account-specific terms, demand forecasts or churn data; bid parameters, bidding strategy or reservation prices; market or customer allocation plans; and non-public product launch timing tied to pricing or go-to-market plans.
1.3 Personal Data means any information relating to an identified or identifiable natural person, as defined by applicable data protection law.
1.4 Trade Secret means information that derives independent economic value from not being generally known and is subject to reasonable measures to maintain its secrecy.
1.5 Permitted Purpose means the specific purpose stated in Schedule A (Cooperation Type), and excludes any use to coordinate market conduct outside that purpose.
1.6 Permitted Recipients means the Recipient’s and its Affiliates’ directors, officers, employees, external counsel, accountants, and professional advisors who (a) have a need to know for the Permitted Purpose, (b) are bound by written obligations of confidentiality no less protective than this Clause, and (c) in the case of CSI, are members of a Clean Team in accordance with Section 3.
1.7 Clean Team means a ringfenced group consisting of external counsel, independent experts, and designated non-commercial personnel of the Recipient who are not engaged in pricing, sales, marketing, procurement, or other commercial decision-making and who are trained in competition-law compliance and Clean Team protocols.
2. Use and Care
2.1 Non-Use and Non-Disclosure. Recipient shall use Confidential Information solely for the Permitted Purpose and shall not disclose it to any person other than Permitted Recipients. Recipient shall exercise at least the same degree of care as it uses to protect its own confidential information of a similar nature, and no less than a commercially reasonable standard.
2.2 No License. Except as expressly stated, no license or other rights in or to the Confidential Information, intellectual property, or data of the Discloser is granted or implied.
2.3 No Reverse Engineering. Recipient shall not reverse engineer, decompile, or disassemble any samples, software, or other tangible embodiments of Confidential Information, except to the extent permitted by applicable law notwithstanding a contractual prohibition.
3. CSI Access Controls; Clean Team Protocol
3.1 CSI shall be accessed only by the Clean Team and only to the minimum extent strictly necessary for the Permitted Purpose. The Clean Team shall maintain a contemporaneous log of CSI received, access to and use of CSI, and disclosures to the Discloser’s counterparties or advisors.
3.2 Absent express permission in Schedule A and subject to Section 4, no CSI that is customer- or supplier-specific, future-oriented, or granular (including non-aggregated transaction-level data, forward-looking prices, individual account terms, or bid reservation prices) shall be disclosed to Recipient’s commercial personnel.
3.3 Where feasible, CSI shall be shared in aggregated and/or time-delayed form (e.g., historical data older than 6–12 months, or aggregation to a level that does not reveal individual account terms).
3.4 Clean Team Work Product containing CSI shall be prepared in redacted or aggregated form for any review by non-Clean Team personnel. Clean Team members shall not participate in Recipient’s independent pricing, bid, customer allocation, or go-to-market decisions for the relevant lines of business for a reasonable quarantine period following the last CSI access (e.g., 6–12 months, as appropriate).
3.5 Secure Environment. CSI shall be hosted in a restricted-access data room with multi-factor authentication, watermarking, download controls, and audit logs. Recipient shall not remove or circumvent such controls.
4. Competition Law Compliance
4.1 The parties shall not, and nothing in this Clause permits them to, engage in any agreement, concerted practice, information exchange, or other conduct that would infringe applicable competition/antitrust laws, including but not limited to: fixing prices or price components; allocating customers, suppliers, markets, or territories; limiting output or capacity; or coordinating bids except as expressly allowed for a lawful joint tender identified in Schedule A.
4.2 The Discloser may withhold any information it reasonably believes may present undue competition-law risk. The parties may consult external antitrust counsel to structure the exchange and may suspend or cease disclosures if advised that continued exchange would be unlawful.
4.3 No-poach or customer non-solicitation covenants are not required or authorized by this Clause and, if included elsewhere between the parties, shall apply only to the extent compliant with applicable competition/antitrust law.
4.4 Nothing in this Clause requires the sharing of competitively sensitive forward-looking information unless (a) strictly necessary for a specific lawful collaboration identified in Schedule A, (b) confined to the Clean Team, and (c) ringfenced with the safeguards herein.
5. Personal Data and Data Protection
5.1 Lawful Processing. Each party shall process Personal Data solely on documented instructions of the other party for the Permitted Purpose and in compliance with applicable data protection laws. To the extent required, the parties shall execute a data processing agreement and relevant international transfer mechanisms (see Jurisdiction-Specific Addendum).
5.2 Data Minimization and Security. The parties shall minimize the disclosure of Personal Data and implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
5.3 Cross-Border Transfers. Cross-border transfers of Personal Data shall only occur subject to a valid transfer mechanism recognized under applicable law, with transfer impact assessments as required.
5.4 Data Subject Rights and Breach Notification. Each party shall reasonably assist the other in responding to data subject requests and regulatory inquiries, and shall promptly notify the other of any Personal Data breach affecting the other’s Personal Data.
6. Affiliates; Third Parties
6.1 Affiliate Access. Recipient may disclose Confidential Information to its Affiliates only via Permitted Recipients and Clean Team protocols. Recipient remains responsible for each Affiliate’s compliance and shall cause each Affiliate to accede to this Clause by written joinder.
6.2 Channels/Suppliers and Subcontractors. Disclosure to channels, suppliers, or subcontractors is permitted only where necessary for the Permitted Purpose and only under written obligations at least as protective as this Clause, including Clean Team controls for any CSI. Recipient remains liable for their compliance.
7. Compelled Disclosure
If Recipient or any Permitted Recipient is legally compelled to disclose Confidential Information, Recipient shall (to the extent legally permissible) provide prompt written notice to the Discloser, disclose only that portion legally required, and seek confidential treatment or protective orders. Where disclosure is to a competition or data protection authority, the parties shall coordinate, where feasible, to preserve confidentiality and legal privilege.
8. Return or Destruction
Upon the earlier of Discloser’s written request or completion of the Permitted Purpose, Recipient shall promptly cease use of and return or destroy Confidential Information and all copies, except that one archival copy may be retained by external counsel solely for compliance and dispute purposes, subject to ongoing confidentiality.
9. Term; Survival
This Clause commences on the first disclosure and continues for five (5) years thereafter; obligations relating to Trade Secrets and Personal Data survive for so long as such information remains a trade secret or as required by applicable law. Clean Team quarantine obligations survive for the period stated in Section 3.4.
10. Remedies
Recipient acknowledges that unauthorized disclosure or use of Confidential Information or breach of competition-law safeguards may cause irreparable harm for which monetary damages are inadequate. Discloser is entitled to seek injunctive relief and specific performance in addition to other remedies available at law or in equity.
11. Exclusions
Confidential Information does not include information that Recipient can demonstrate: (a) is or becomes publicly available through no breach; (b) was rightfully known to Recipient without confidentiality obligations before disclosure; (c) is independently developed without reference to the Discloser’s Confidential Information; or (d) is rightfully received from a third party without confidentiality obligations. No exclusion applies to Personal Data or Trade Secrets where prohibited by law.
12. No Obligation to Proceed
No obligation to proceed with any transaction or collaboration is created by this Clause. Any business relationship shall be governed by a definitive written agreement, if executed.
13. Export Controls and Sanctions
Each party shall comply with applicable export control and economic sanctions laws and shall not disclose or use Confidential Information in violation of such laws.
Schedule A – Cooperation Type and Permitted Purpose Options
Select and complete the option(s) applicable to the parties’ collaboration. For each option, only the enumerated CSI disclosures are permitted, and only under Clean Team controls unless stated otherwise.
A1. Supplier/Channel Negotiations (Multi-line, Multi-country)
Permitted Purpose: Evaluate, negotiate, and administer supply, distribution, or reseller arrangements across specified product/service lines and territories.
Permitted CSI: (a) Discloser’s historical pricing and rebates to Recipient for Discloser’s products/services; (b) non-customer-specific discount frameworks; (c) forecast volumes where aggregated by product family and time-bucketed. Prohibited CSI: competitors’ prices, future list prices not publicly announced, customer-specific terms, and bid strategies.
Special Controls: Aggregation to avoid customer-level visibility; time-delay of forward-looking commercial terms until publicly announced or contractually finalized.
A2. Joint Tender/Consortium for Named Opportunity
Permitted Purpose: Prepare and submit a joint response to [Customer/Tender ID] with defined roles and workshare.
Permitted CSI: Cost build-ups, component pricing, and bid parameters strictly necessary to price the joint bid; final bid price to the identified customer. Prohibited CSI: pricing or customer information relating to other opportunities, customers, or future conduct outside the named tender.
Special Controls: Locked-box data room; Clean Team modeling; no use for any other tender; purge within 30 days after award unless required for contract administration.
A3. Subcontracting/Prime-Sub Relationship
Permitted Purpose: Price and deliver a prime-sub offering to [Customer/Project] where Recipient acts as [Prime/Subcontractor].
Permitted CSI: Subcontractor rates and price elements required for the prime bid to the named customer; task order pricing as necessary. Prohibited CSI: broader customer lists and unrelated pricing.
Special Controls: Information walls between bid team and unrelated business units; disclosure strictly limited to named opportunity.
A4. Technology Co-Development/Co-Marketing
Permitted Purpose: Develop and commercialize jointly defined features or integrations and coordinate lawful marketing activities.
Permitted CSI: None, unless expressly enumerated; pricing coordination limited to standard bundle discount mechanics that are customer-agnostic and compliant with competition law.
Special Controls: Joint marketing calendars; no exchange of customer-specific pricing or future discounts.
A5. M&A/Due Diligence (if applicable)
Permitted Purpose: Evaluate a potential acquisition, divestiture, or joint venture.
Permitted CSI: Target’s CSI only via Clean Team; no disclosure to acquirer’s commercial personnel pre-closing; post-signing gun-jumping prohibitions apply until closing.
Special Controls: Counsel-led Clean Team; redacted customer lists and aggregated pricing; compliance with merger control rules.
Jurisdiction-Specific Addendum
The following provisions apply in addition to the Clause where the indicated laws govern the processing or the competitive assessment of the contemplated information exchange. In the event of conflict, the stricter provision controls.
J1. United States
(a) Antitrust. The parties shall comply with the Sherman Act, Clayton Act, and Federal Trade Commission Act and analogous state laws. No exchange shall be used to fix prices, allocate customers or markets, rig bids, limit output, or otherwise restrain trade. Any joint bidding must be reasonably necessary, procompetitive, and limited to the identified opportunity.
(b) Information Sharing Safeguards. Forward-looking, customer-specific pricing and bidding parameters shall be restricted to Clean Team members and only where necessary for a lawful collaboration set out in Schedule A.
(c) Personal Data. To the extent Personal Data includes California or other state-regulated personal information, Recipient shall act as a “service provider/processor,” refrain from “selling” or “sharing” such Personal Data (as defined by applicable state laws), and implement written instructions, security measures, and deletion at the end of the Permitted Purpose.
J2. European Union/EEA
(a) Competition. The parties shall comply with Articles 101 and 102 TFEU and national competition laws. Information exchange between competitors is limited to what is objectively necessary, aggregated and/or historic where feasible, and subject to Clean Team controls for any CSI. No exchange may enable collusion on prices, customers, or bidding outside a specific, objectively necessary collaboration.
(b) GDPR. Where one party acts as processor, the parties shall execute Article 28 GDPR terms. For international transfers, the parties shall implement the EU Standard Contractual Clauses (2021), perform transfer impact assessments, and implement supplementary measures as needed under Schrems II.
(c) Data Minimization. Customer lists containing Personal Data must be minimized or pseudonymized where feasible; special categories of data require explicit justification and lawful basis.
J3. United Kingdom
(a) Competition. The parties shall comply with the Competition Act 1998 and UK competition law; the safeguards in J2(a) apply mutatis mutandis.
(b) UK GDPR/DPA 2018. Execute UK controller-processor terms where applicable. For international transfers, implement the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs, as applicable.
J4. People’s Republic of China (PRC)
(a) Anti-monopoly and Unfair Competition. The parties shall comply with the Anti-Monopoly Law and Anti-Unfair Competition Law. No exchange may have the purpose or effect of reaching a monopoly agreement or disclosing trade secrets without authorization. CSI exchange must be strictly necessary and ringfenced.
(b) Personal Information Protection. Where Personal Information (as defined by the PIPL) is transferred cross-border, the parties shall implement a lawful transfer mechanism (e.g., CAC security assessment, execution of the Standard Contract for Cross-Border Transfers, or certification) as required, and adopt necessary security measures and impact assessments.
(c) Important Data and State Secrets. No disclosure of Important Data or State Secrets. Data localization and sectoral rules (e.g., critical information infrastructure) shall be observed.
J5. Singapore
(a) Competition. The parties shall comply with the Competition Act 2004; information sharing must not prevent, restrict, or distort competition. Clean Team and aggregation safeguards apply.
(b) PDPA. Recipient shall provide a comparable level of protection for any Personal Data transferred overseas, execute appropriate contractual clauses, and notify Discloser of data breaches affecting the Discloser’s Personal Data in accordance with PDPA requirements.
J6. India
(a) Competition. The parties shall comply with the Competition Act, 2002. Exchanges of CSI must be necessary for the Permitted Purpose and not facilitate cartel conduct or bid-rigging. Clean Team safeguards apply.
(b) Digital Personal Data Protection Act, 2023. Recipient shall process Personal Data consistent with consent or other lawful grounds, implement reasonable security safeguards, notify in the event of data breaches as required, and comply with any notified cross-border transfer restrictions.
Implementation Notes
- Populate Schedule A with a narrowly defined Permitted Purpose tied to specific products, customers, tenders, territories, and timeframes.
- Identify Clean Team members by name or role; require training and acknowledgment of obligations.
- Use a controlled data room with access logs; review logs periodically.
- Execute applicable data transfer instruments (EU SCCs, UK IDTA/Addendum, PRC Standard Contract or CAC assessment, Singapore PDPA clauses).
- Where collaboration might trigger merger control or joint venture filings, suspend operational coordination until clearance and enforce strict gun-jumping controls.
This Clause is intended as a high-standard template for multi-line, multi-channel/supplier negotiations involving pricing, customer lists, and bid proposals. Local counsel should adapt jurisdictional riders and Clean Team protocols to the specific facts, industries, and regulatory requirements.
