To receive more information about the Danske Bank matter please carefully read the confidentiality agreement and click accept at the bottom.
IMF Litigation Funding Services Limited (Company Number 11592223) of 81 Chancery Lane, London, WC2A 1DD acting in its capacity as the appointed agent and sub-investment adviser to IMF Bentham Limited (ACN 067 298 088), acting in its capacity as the appointed agent and investment manager for each of IMF Bentham (Fund 2) Pty Ltd (ACN 621 682 504) and IMF Bentham (Fund 3) Pty Ltd (ACN 621 682 460). (“IMF”)
Email address: [email protected]
(together the “Parties” and each a “Party”).
- The Litigant is an organisation which is contemplating commencing, legal proceedings or an arbitration (“Litigation”) in respect of possible claims (“Claims”).
- For the purpose of pursuing the Claims and conducting the Litigation (“Permitted Purposes”), the Litigant has requested IMF to provide, or to consider providing, litigation funding, investigation and project management (“Professional Services”) in relation to the Litigation.
- To enable IMF to consider if it will provide those services and, if so, on what terms, IMF will require information about the Claims, the Litigation and the Litigant (potentially including legal advice, documents and personal information) and IMF will need to receive, read, use and retain that information.
- The Parties have a mutuality of interest in relation to the Claims and a common interest in maintaining the confidentiality of the Confidential Information (as defined below). As a result, any provision of Confidential Information between the Parties is, and will continue to be, the subject of common interest privilege and/or litigation privilege
- The Parties wish to maintain the confidentiality of, and any privilege attaching to, any Confidential Information provided to one another.
- If IMF decides to fund the Litigation, the Parties may enter into a written litigation funding agreement (“Funding Agreement”). The Parties agree that the terms of any Funding Agreement will prevail over the terms of this Agreement to the extent of any inconsistency.
Obligations of confidentiality
- Subject to clauses 1 and 4, the Parties acknowledge that all information provided, irrespective of when it was provided, by one Party (“Provider”) to the other Party (“Recipient”) in relation to the Litigation, the Claims, the Litigants or the Provider, (collectively, “Confidential Information”) is secret and confidential to the Provider and is disclosed on the basis that it will be held in strict confidence by the Recipient and used solely by the Recipient for the purposes of determining whether to enter into a Funding Agreement or complying with its obligations, or asserting its rights, pursuant to a Funding Agreement.
- For the avoidance of doubt and without limiting the obligations of confidentiality in clause 2, Confidential Information: (a) may be in any form (including, without limitation, in written, oral, visual or electronic form, or on tape or disk whether of a technical, commercial, corporate, financial nature or otherwise); and (b) may be copied by a Recipient.
- Subject always to Clause 13 in respect of the protection of Personal Information, the obligations of confidentiality under this Agreement do not apply to any part of Confidential Information that is (a) agreed in writing by the Provider to be excluded from the obligations of confidentiality under this Agreement; (b) in the public domain at or after the time of entering into this Agreement through no breach of this Agreement or the Funding Agreement; (c) already known to a Recipient or its Permitted Recipients at the time of entering into this Agreement; (d) received independently by a Recipient or its Permitted Recipients from third parties (without restriction as to its use or disclosure); (e) independently acquired or developed by a Recipient or its Permitted Recipients; or (f) required to be disclosed by any applicable law or regulation or legally binding order of any court, government, fiscal or judicial body.
- The Parties understand and agree that certain limited and introductory non-confidential information about the Litigation and the Claims may be disclosed by IMF to its prospective investors, service providers and potential joint venture partners or co-funders in relation to and in furtherance of the Litigation without such persons being required to commit to abide by the confidentiality obligations in this Agreement.
- A Recipient may disclose Confidential Information, on a need to know basis, to its Permitted Recipients.
- “Permitted Recipients” means any of the following persons: (a) when referring to the Litigant: (i) any Group Entity of the Litigant; (ii) any directors, officers, employees, representatives, agents, trustees, consultants, contractors, accountants, auditors, insurers, prospective insurers, insurance brokers and advisors (“Representatives”) of the Litigant; and (iii) any Representatives of any Group Entity of the Litigant; (b) when referring to IMF: (i) any Group Entity of IMF; (ii) Representatives of any Group Entity of IMF; (iii) any securityholder of a Group Entity of IMF (excluding IMF Bentham Limited (ACN 067 298 088)) and their Representatives; (iv) any debt capital provider or proposed provider to IMF or a Group Entity of IMF together with their respective Representatives; and (v) any person considering entering into (or who enters into) a co-funding, participation or similar arrangement with IMF, whether before or after the date of this Agreement, and any Representative of such person, in each case who give an appropriate confidentiality undertaking.
- “Group Entity” means: (a) when referring to the Litigant, any subsidiary or holding company of the Litigant and any subsidiary of any such holding company; and (b) when referring to IMF (i) IMF Bentham Limited (ACN 067 298 088); (ii) a related body corporate of IMF Bentham Limited (ACN 067 298 088); or (iii) an entity or trust:
- that directly or indirectly is controlled or managed by IMF Bentham Limited (ACN 067 298 088) or a related body corporate of IMF Bentham Limited (ACN 067 298 088);
- that is directly or indirectly under the common control or management of IMF Bentham Limited (ACN 067 298 088) or a related body corporate of IMF Bentham Limited (ACN 067 298 088) and another person or persons; or
- that has appointed IMF Bentham Limited (ACN 067 298 088) or a related body corporate of IMF Bentham Limited (ACN 067 298 088) as its agent and investment manager or adviser, for the purposes of this definition, ‘control’ has the same meaning as in section 50AA of the Corporations Act and ‘related body corporate’ has the same meaning as in section 50 of the Corporations Act.
- A Recipient is responsible for ensuring that any of its Permitted Recipients who receive Confidential Information are obliged and bound to treat that information in the same manner and to the same extent as the Recipient is obliged and bound to do so under this Agreement.
- Any part of the Confidential Information which is the subject of privilege (be it legal professional privilege, litigation privilege, common interest privilege or any other form of privilege) is disclosed to a Recipient, and may be disclosed by the Recipient to any of its Permitted Recipients, solely on the basis that such disclosure is not intended to waive that privilege.
Return or Destruction
- Following the occurrence of the first of the following events: (a) a decision by IMF not to provide the Professional Services in respect of the Litigation; (b) at the conclusion of the Litigation in circumstances where IMF decided to provide the Professional Services; or (c) termination of the Funding Agreement, subject to clause 12, if requested to do so by a Provider, the Recipient will, to the extent reasonably possible (particularly in respect of information electronically stored on back-up servers), either: (a) return any Confidential Information and all copies of such information to the Provider or any Permitted Recipient nominated by the Provider; or (b) permanently destroy the Confidential Information and all copies of such information and, upon request from the Provider, certify such destruction to the Provider.
- Nothing in clause 11 shall be taken to require the return, deletion or the destruction of any documents, data or other records (including reports, due diligence, lists or indices of Confidential Information, board papers and the like) generated in good faith by a Recipient and which contain extracts from, summaries or analyses of or other references to the Confidential Information and which: (a) the Recipient or any of its Permitted Recipients consider they are required to retain for their own bona fide corporate governance purposes including, for example, board minutes or due diligence reports which may refer to extracts of Confidential Information; (b) any Permitted Recipients are required to retain, or it is the usual practice for those Permitted Recipient to hold those documents, for the purposes of any relevant professional standards, practices, codes or insurance policies applicable; or (c) the obligations of confidentiality do not apply to as a result of clause 4.
- Protection of Personal information and Data
Confidential Information may include Personal Information. If the Recipient receives or has access to Personal Information:
- the Recipient must: (i) not use the Personal Information other than for the Permitted Purposes, unless required or authorised by law; (ii) return or destroy (at the option of the Provider) Personal Information on termination or expiration of this Agreement or, where practicably feasible, on request by the Provider at any time; and (iii) notify the Provider in the event that a data or system breach (including any unauthorised system intrusion by third parties) or other security incident (“incident”) occurs that has impacted Personal Information and take preventative action to remedy and follow all directions of the Provider in the resolution of the incident;
- to which the EU GDPR applies, each Party agrees to comply with their respective obligations as set out in the GDPR data protection addendum annexed at Annex A ("DPA");
- to which the Privacy Act 1988 applies, each Party agrees to comply with the Australian Privacy Principles (APPs) and all ancillary and related privacy guidance notes and codes of practice issued from time to time and their respective obligations as set out in the Australian Addendum at Annex B; and
- to which the UK Data Protection Act 2018 applies, each Party agrees to comply with their respective obligations pursuant to that legislation.
- Subject to the terms of any Funding Agreement and to the extent permitted by law, this Agreement is the entire agreement and understanding between the Parties regarding the protection of the privacy of personal information provided by the Litigant and the confidentiality of, and privilege attaching to, the Confidential Information.
- IMF executes this Agreement in its capacity as investment manager and agent for each of IMF Bentham (Fund 2) Pty Ltd (ACN 621 682 504) and IMF Bentham (Fund 3) Pty Ltd (ACN 621 682 460) and represents that it has the power and authority do so under the terms of an investment management agreement between it and each of those entities.
- All notices and other communications under this Agreement must be in writing sent to the Parties at their addresses indicated above or at such other address as a Party may notify to the other Party from time to time, and they may be delivered by hand or courier (effective on delivery), by fax, email or other reliable electronic communication (effective when sent), or by pre-paid registered post (effective on the third business day after the date of posting to an address within Australia, and on the fifth business day after the date of posting to an address outside Australia).
- This Agreement is entered into in England and Wales and is governed by the laws of England and Wales. The Parties submit to the exclusive jurisdiction of the courts of England and Wales, as applicable, save that the Parties agree that if a Funding Agreement is entered into, this Agreement shall be governed by the applicable law and jurisdiction provisions of the Funding Agreement (irrespective of whether such Funding Agreement is subsequently terminated).
- Any amendment, modification or waiver of any provision of this Agreement must be in writing and executed by both Parties.
- Failure to exercise or enforce, or a delay in exercising or enforcing, or the partial exercise or enforcement, of any right, power or remedy provided by law or under this Agreement by any Party will not in any way preclude, or operate as a waiver of, any exercise or enforcement, or further exercise or enforcement, of that or any other right, power or remedy provided by law or under this Agreement.
- Any provision of this Agreement which is illegal, void or unenforceable will be ineffective to the extent only of that illegality, voidness or unenforceability without invalidating the remaining provisions.
- This Agreement may be executed in any number of counterparts, each of which is an original and which together have the same effect as if each Party had signed the same document. Transmission of an executed counterpart of this Agreement by email (in PDF, JPEG or other format that is agreed) shall take effect as delivery of an executed counterpart of this Agreement.
- Each Party shall bear its own costs and expenses incurred in the preparation, negotiation and signing of this Agreement, including its solicitors’ costs.
for and on behalf of the Litigant
for and on behalf of IMF Litigation Funding Services Limited (Company Number 11592223) of 81 Chancery Lane, London, WC2A 1DD acting in its capacity as the appointed agent and sub-investment adviser to IMF Bentham Limited (ACN 067 298 088), acting in its capacity as the appointed agent and investment manager for each of IMF Bentham (Fund 2) Pty Ltd (ACN 621 682 504) and IMF Bentham (Fund 3) Pty Ltd (ACN 621 682 460).
IMF BENTHAM LIMITED
EU DATA PROTECTION ADDENDUM
This Data Protection Addendum ('Addendum') sets out the Addendum of IMF (otherwise described herein as 'us', 'we') in relation to the processing of EU/UK individual personal data and personal data to which the EU General Data Protection Regulation (EU) 2016/679 ("GDPR') applies. References to 'Company' or 'you' below includes you and each one of your relevant affiliates (unless otherwise stated).
The protection of Personal Data is of critical importance to IMF and the following terms of this Addendum set out the minimum requirements of IMF with respect to all of its clients.
We use a number of defined terms in this Addendum which will have the meaning set out in Section 9 of this Addendum. Capitalized terms not otherwise defined in this Addendum will have the meaning given to them in your Agreement. Except where the context requires otherwise, references in this Addendum to your Agreement are to your Agreement as amended by, and including, this Addendum.
1.1 The parties acknowledge that each will act as a separate Controller in relation to the Personal Data which they Process.
1.2 The parties shall each comply with their respective obligations under the Data Protection Laws in respect of their processing of Personal Data.
2. Disclosing of Personal Data
Where acting as a Discloser, each party shall:
2.1 only disclose the Personal Data for one or more defined purposes which are consistent with the terms of the Agreement ("Permitted Purposes");
2.2 ensure that it has (i) procured for a notice to be made available to the relevant Data Subject(s) informing them that their Personal Data will be disclosed to the Recipient or to a category of third party describing the Recipient; and (ii) obtained any necessary consents or authorisations required to permit the Recipient to freely process the Personal Data for the Permitted Purposes;
2.3 only disclose any Special Categories of Personal Data to the Recipient where necessary for the Permitted Purposes and then only having obtained the explicit prior consent of the relevant Data Subjects, or established (to the satisfaction of the Recipient) an alternative lawful basis for the disclosure; and
2.4 be responsible for the security of any Personal Data whilst in transmission from the Discloser to the Recipient.
3. Processing of Personal Data
Where acting as a Recipient, each party shall:
3.1 not Process Personal Data in a way that is incompatible with the Permitted Purposes (other than to comply with a requirement of applicable law to which Recipient is subject);
3.2 not Process Personal Data for longer than is necessary to carry out the Permitted Purposes (other than to comply with a requirement of applicable law to which Recipient is subject); and
3.3 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, have in place appropriate technical and organisational security measures to protect the Personal Data against unauthorized or unlawful Processing, or accidental loss or destruction or damage.
4. Personal Data Breaches
4.1 The Recipient shall notify the Discloser without undue delay following any Personal Data Breach involving the Personal Data.
4.2 Each party shall co-operate with the other, to the extent reasonably requested, in relation to any notifications to Supervisory Authorities or to Data Subjects which are required following a Personal Data Breach involving the Personal Data.
5. Further Co-operation and Assistance
5.1 Each party shall co-operate with the other, to the extent reasonably requested, in relation to:
5.1.1 any Data Subject Requests;
5.1.2 any other communication from a Data Subject concerning the Processing of their Personal Data; and
5.1.3 any communication from a Supervisory Authority concerning the Processing of Personal Data, or compliance with the Data Protection Laws.
6. Description of Personal Data
The parties acknowledge that in the Annex to this Addendum they have fairly and accurately recorded the scope of Personal Data Processed under this Addendum.
7. Restricted Transfers
The parties hereby enter into the Standard Contractual Clauses, which are incorporated into this Addendum by reference, in respect of any Restricted Transfer. For the purposes of clause II h) of the Standard Contractual Clauses, the Parties shall be deemed to have selected option (iii). Annex 2 to the Standard Contractual Clauses shall be deemed to be prepopulated with the relevant sections of the Annex to this Addendum.
8. Governing Law and Jurisdiction
8.1 Without prejudice to clause IV of the Standard Contractual Clauses:
8.1.1 the parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
8.1.2 this Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Principal Agreement
9.1 In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
9.1.1 "Process/Processing", "Controller", "Processor" "Data Subject", "Personal Data Breach" and "Special Categories of Personal Data" shall have the same meaning as in the Data Protection Laws;
9.1.2 "Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with either NPD or Contract Partner (as the context allows), where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
9.1.3 "NPD Affiliate" means an Affiliate of NPD;
9.1.4 "Data Protection Laws" shall mean Directive 95/46/EC and Directive 2002/58/EC, in each case as transposed into domestic legislation of each Member State of the European Economic Area and in each case as amended, replaced or superseded from time to time, including without limitation by the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council ("GDPR" and collectively with the foregoing "EU Data Protection Laws") and any data protection laws substantially amending, replacing or superseding the GDPR following any exit by the United Kingdom from the European Union, or, and to the extent applicable, the data protection or privacy laws of any other country including, without limitation, Switzerland and the Russian Federation;
9.1.5 "Data Subject Request" means a request from a Data Subject to exercise any right under the Data Protection Laws;
9.1.6 "EEA" means the European Economic Area;
9.1.7 "Contract Partner Affiliate" means an Affiliate of Contract Partner;
9.1.8 "Personal Data" means any personal data, as defined in the Data Protection Laws, disclosed by one party ("Discloser") to the other party ("Recipient") in the performance of that party's rights or obligations under the Agreement;
9.1.9 "Restricted Transfer" means a transfer of Personal Data from Discloser or its Affiliate to Recipient or its Affiliate, where such transfer would be prohibited by Data Protection Laws in the absence of the Standard Contractual Clauses. For the avoidance of doubt: (a) without limitation to the generality of the foregoing, the parties to this Addendum intend that transfers of Personal Data from the UK to the European Union or from the European Union to the UK, following any exit by the UK from the European Union shall be Restricted Transfers for such time and to such extent that such transfers would be prohibited by UK Data Protection Laws or EU Data Protection Laws (as the case may be) in the absence of the Standard Contractual Clauses; and (b) where a transfer of Personal Data from one country to another country is of a type authorised by Data Protection Laws in the exporting country for example in the case of transfers from within the European Union to a country or scheme (such as the US Privacy Shield) which is approved by the European Commission as ensuring an adequate level of protection or any transfer which falls within a permitted derogation, such transfer shall not be a Restricted Transfer for the purposes of this Addendum
9.1.10 "Standard Contractual Clauses" means (i) the standard contractual clauses for the transfer of personal data to controllers established in third countries which do not ensure an adequate level of protection as set out in Commission Decision C(2004)5721, as updated, amended, replaced or superseded from time to time by the European Commission; or (ii) where required from time to time by a Supervisory Authority for use with respect to any specific Restricted Transfer, any other set of contractual clauses or other similar mechanism approved by such Supervisory Authority or by Data Protection Laws for use in respect of such Restricted Transfer, as updated, amended, replaced or superseded from time to time by such Supervisory Authority or Data Protection Laws;
9.1.11 "Supervisory Authority" means (a) an independent public authority which is established by a Member State pursuant to Article 51 GDPR; and (b) any similar regulatory authority responsible for the enforcement of Data Protection Laws
ANNEX: DESCRIPTION OF PERSONAL DATA
Clients of the data exporter (and representatives of such clients); individuals connected to the claims relevant to the provision of professional services by IMF Bentham Limited; employees of the parties
Purposes of the transfer(s):
The data exporter and the data importer are sharing personal data for the purposes of the receipt of professional services or advice.
Categories of data:
Name, email address, postal address, personal financial information
The personal data may be disclosed to group companies of IMF as required for the Permitted Purposes and to third party companies which are contracted to provide relevant services under the instruction of IMF.
Sensitive / Special Category data (if appropriate):
IMF Bentham Limited
Australian Privacy Addendum
Notification of Eligible Data Breach
- In this section, Eligible Data Breach has the same meaning as that given to that term in the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).
- If a Party (the “Initiating Party”) is or becomes aware that there has been an event which amounts to an Eligible Data Breach (i) it must as soon as possible, but within two (2) Business Days, notify the other Party (“Other Party”); (ii) comply with its obligations under the Privacy Act in relation to that event; (iii) provide the Other Party with all information requested by it about the event; and (iv) if requested, allow the Other Party to participate in the Initiating Party’s assessment of the event, including whether it amounts to an Eligible Data Breach, and remediation activities.
- If the Initiating Party after complying with paragraph (b), determines that an Eligible Data Breach has occurred and notification of that Eligible Data Breach is required under the Privacy Act or if the Other Party notifies the Initiating Party that an Eligible Data Breach has occurred: (i) the parties must meet to discuss and endeavour to agree who will issue the notification; and (ii) if the Initiating Party is to issue a notification, then:
- the Initiating Party must as soon as possible, but within 2 Business Days, provide the Other Party with a draft of the notification;
- make any changes to the draft notification that are reasonably required by the Other Party (as the case may be); and
- issue the notification in accordance with the requirements of the Privacy Act (including any applicable time periods).
- If the Other Party is to issue the notification, then the Other Party must consult with the Initiating Party on the contents of the notification and issue the notification in accordance with the requirements of the Privacy Act (including any applicable time periods).
- If no agreement is reached on which party is to issue the notification, the Initiating Party may issue the notification in accordance with the requirements of the Privacy Act.
- The Initiating Party must ensure that, to the extent it is aware (i) the Other Party is promptly notified of any investigation or other action taken by the Privacy Commissioner in connection with any actual or suspected Eligible Data Breach, or notification in relation to that matter; and (ii) the Other Party is kept informed in relation to that investigation or other action.
- The Parties acknowledge and agree that nothing in this Addendum (Notification of Eligible Data Breach) limits or otherwise affects their obligations under the Privacy Act or any other obligation under this Agreement relevant to privacy or data security.
- Each Party must immediately notify the other Party if it becomes aware of or suspects any breach of this Addendum (Notification of Eligible Data Breach), any breach of security or data breach, including any breach or suspected by any Representative.