| Dokumendiregister | Riigi Kaitseinvesteeringute Keskus |
| Viit | 2-2/26/140 |
| Registreeritud | 13.02.2026 |
| Sünkroonitud | 16.02.2026 |
| Liik | Leping |
| Funktsioon | - - |
| Sari | - - |
| Toimik | - - |
| Juurdepääsupiirang | Avalik |
| Juurdepääsupiirang | |
| Adressaat | THALES UK Limited |
| Saabumis/saatmisviis | THALES UK Limited |
| Vastutaja | |
| Originaal | Ava uues aknas |
1/4
Non-Disclosure Agreement
13.02.2026 nr 2-2/26/140
Terms and conditions of confidentiality THALES UK Limited (registry code 00868273, address 350 Longwater Avenue, Green Park, Reading,
Berkshire, United Kingdom, RG2 6GF), represented by Mr. Kerry Adam Davey, Senior Contracts Manager
acting on the basis of an authorization issued by the company (hereinafter as the recipient of information),
by signing this Terms and conditions of confidentiality confirms that agrees to these conditions and
undertakes to comply with them.
The terms and conditions of confidentiality of a public procurement of the Estonian Centre for Defence
Investments (hereinafter the ECDI) for the submission of a tender for the procurement “MeV
miinitõrjesüsteemide elutsükli teenuse tellimine” (“Ordering Navy's MCM systems lifecycle service”)
(H2344), for which the ECDI is required to provide confidential information to the interested party
(hereinafter “the recipient of information”).
1. General terms and conditions
1.1. The purpose of these terms and conditions is to protect the confidential information
provided by the ECDI to the recipient of information during the procurement procedure and
the performance of the procurement agreement. By signing these terms and conditions, the
recipient of information undertakes to keep this information confidential (hereinafter also
the “confidentiality obligation”).
1.2. By signing these terms and conditions, the recipient of information confirms that they
undertake to comply with the requirements for the processing of confidential information
set out in legislation, including the data processing and data protection requirements set out
in the Public Information Act, the Personal Data Protection Act, the Civil Service Act and the
Archives Act, as well as the requirements set out in the State Secrets and Classified
Information of Foreign States Act and its implementing provisions.
1.3. In the procurement procedure, the procurement documents, and the procurement
agreement, the ECDI is also referred to as the contracting authority and the contracting entity
and the recipient of information is also referred to as the interested person, tenderer, and
contractor. The ECDI also means the end user, i.e. the Defence Forces. The ECDI and the
recipient of information are also jointly referred to as the Parties.
2. Confidential information
2.1. The following information, inter alia, is considered confidential:
2.1.1. the technical specifications and annexes thereto and other technical
documentation with annexes, including the design documentation, which is
provided to the recipient of information;
2.1.2. any other technical information on the object of the procurement provided in any
form (written, oral, reproducible in writing, etc.) or exchanged between the Parties;
2.1.3. questions, clarifications, explanations, opinions and proposals provided regarding
the technical specifications of the procurement or exchanged between the Parties;
2/4
2.1.4. all documents that have been deemed by the ECDI and the Defence Forces as
information intended for confidential or internal use within the meaning of the
Public Information Act and any information the nature of which refers that it must
be seen as confidential information;
2.1.5. confidential information also includes other materials describing the object of the
procurement agreement, personal and security information, computer programs,
codes, algorithms, names and professional descriptions of employees and
consultants, know-how, forms, processes, ideas, strategies, inventions (both
patentable and non-patentable), schemes and other technical, commercial,
financial or product development plans, other information which has been
recognised by law as having a restriction on access and other information the
disclosure of which could harm the interests of the ECDI;
2.1.6. information containing state secrets and classified information of foreign states.
3. The recipient of information undertakes to fulfil the following obligations without a term:
3.1. not to disclose confidential information to any extent or scale, in whole or in part, to any
third party without the prior written consent of the ECDI;
3.2. use confidential information only for the purpose of submitting a tender during the
procurement procedure and for the purpose of performing the agreement in the event of
being awarded the agreement;
3.3. the recipient of information confirms that if their tender is not successful and they are not
awarded the procurement agreement, they will delete all documents transferred by the ECDI
during the procurement procedure from all data media, return the physical data media
received from the ECDI, and ensure that their subcontractors do the same. Upon request, the
recipient of information will provide evidence of the deletion to the ECDI. In the event that
the addressee of the information withdraws from the submission of a tender, it is obliged to
immediately inform the procurement contact person of the ECDI;
3.4. the recipient of information confirms that after the termination of the procurement
agreement, they will delete all documents transferred by the ECDI during the procurement
procedure and the performance of the procurement agreement from all data media and
return the physical data media received from the ECDI, and ensure that their subcontractors
do the same; upon the request of the ECDI, the recipient of information will provide evidence
of this. The ECDI has the right to request proof of deletion;
3.5. the recipient of information confirms that confidential information may only be disclosed
with the written consent of the ECDI to the extent necessary for the purpose of performing
the procurement agreement;
3.6. ensure that the members of its governing bodies as well as the staff and subcontractors
comply with the obligations and rules necessary to fulfill the purpose of these terms and
conditions and establish the necessary measures to that end;
3.7. keep records of to whom and to what extent confidential information has been disclosed and
provide the relevant information to the ECDI upon request;
3.8. when concluding the procurement agreement, comply with all requirements for the
processing and use of confidential information.
4. Security requirements and confidentiality
3/4
4.1. The recipient of information undertakes to comply with the security rules in force in the area
of governance of the Ministry of Defence. In the event of the recipient of information using
subcontractors, such subcontractors must be coordinated with the ECDI in advance in writing
and all the security conditions set out in the terms and conditions will also apply to them.
The recipient of information will be held liable for the compliance of the subcontractor with
the security requirements.
4.2. The recipient of information undertakes to process the information identified as intended for
internal use in accordance with the procedure provided for in the Public Information Act and
its implementing provisions.
4.3. The recipient of information will be prohibited from reproducing or disclosing information
intended for internal use to any third party, including persons who do not have the
appropriate right of access and need to know.
4.4. The recipient of information is obliged, on an ongoing basis, to keep records of the persons
who have access to the restricted materials designated “for internal use” related to the
project and to provide a summary of that information (incl. subcontractors) at the request of
the ECDI.
4.5. The internal work process of the recipient of information and the computer systems used
must prevent access to restricted information (incl. documents designated “for internal use”,
design instructions of the ECDI, protocols, etc.) by persons who are not included in the list.
4.6. All parts of the documents with restricted access (“for internal use”) must be encrypted with
the DigiDoc crypto program or an encryption solution offering equivalent protection before
being sent by email.
4.7. All parts of the documents with restricted access (“for internal use”) must be encrypted with
the DigiDoc crypto program or an encryption solution offering equivalent protection when
saving them on data media (CD, DVD, USB drive, etc.).
4.8. Restricted materials may not be copied to servers beyond the control of the recipient of
information (e.g. Google Drive, DropBox, OneCloud, etc.). Specify, upon the commencement
of cooperation with the ECDI, how the recipient of information is allowed to handle the
restricted materials.
4.9. Persons processing restricted material for the recipient of information must give their
consent to background checks pursuant to section 41 of the Estonian Defence Forces
Organisation Act. Successfully passing the background check is a prerequisite for the
processing of restricted material.
4.10. The recipient of information must keep a record of and check the integrity of the data media
containing restricted material relating to the procurement agreement.
4.11. The recipient of information undertakes to ensure the continuous monitoring of restricted
media.
4.12. At the end of the procurement agreement, all restricted information obtained and created
during the performance of the procurement agreement is returned to the contracting
authority.
4.13. The obligation of the Parties to protect the information applies without a term, unless the
Parties have agreed otherwise.
4.14. The recipient of information is obliged to notify the ECDI without delay of a breach of the
terms and conditions or the suspicion that the information has been disclosed, and to
immediately take all comprehensive measures to mitigate the consequences of the breach
and prevent further damage. The ECDI has the right to file a claim for a contractual penalty
and compensation for damage within two months as of becoming aware of the breach. If the
4/4
circumstances on which the claim is based need to be clarified or investigated, the ECDI may
extend that term by notifying the recipient of information as soon as possible.
5. Liability
5.1. The recipient of information is liable for any breaches of obligations pursuant to these terms
and conditions and legislation.
5.2. For a breach of an obligation provided in the terms and conditions, the recipient of
information undertakes to pay a contractual penalty of up to 5,000 (five thousand) euros per
each individual breach.
5.3. In addition to the contractual penalty, the recipient of information is required to compensate
the ECDI for the damage caused by the breach of the confidentiality obligation to the extent
that the contractual penalty did not cover. Damage caused to third persons by a breach of
the confidentiality obligation, which the ECDI has paid for or must pay for, is also considered
damage.
5.4. The recipient of information is required to pay a contractual penalty and/or compensation
for damage to the ECDI within 28 (twenty-eight) days as of the receipt of the relevant claim.
If the recipient of information delays the payment, a late payment interest of 0.2% per day
will be applied to the claimed amount.
5.5. Compliance with the obligation of confidentiality provided for in the terms and conditions
does not relieve the recipient of information from liability for offences under the law.
6. Govering Law and Dispute Resoution
6.1. This Terms and conditions of confidentiality shall be governed and construed in accordance
with Estonian law.
6.2. All disputes arising in connection with this Terms and conditions of confidentiality which
cannot be amicably settled by the recipient of information and the Estonian Centre for
Defence Investments, shall be resolved under the Estonian law in Estonian Harju County
Court.
7. Entry into force of the terms and conditions
7.1. The terms and conditions enter into force upon signing.
recipient of information
(date, signature)
For and on Behalf of Thales UK Limited
Mr. Kerry Adam Davey
Senior Contracts Manager