contract lawyers

speak to a lawyer
see commercial resources

contracts make the world go round

A big part of a business’ success is building strong relationships with customers, suppliers, and other partners. A contract usually underpins those relationships.

Whether it’s licensing a product, creating a channel, or negotiating business-critical services, we can help you put in place the right contract for that the job. We advise on all tech and general commercial contracts, from simple services agreements to bespoke and high-value project contracts.

We provide our clients no-nonsense advice on their contracts. We live and breathe technology and work as part of our client’s team, including contributing to the commercial calls they make on their contracts. Our focus is on achieving great commercial outcomes and not sweating the small stuff.

customer contracts

We draft and negotiate customer contracts for deals in New Zealand and worldwide. Our work includes software licences and support contracts, SaaS and cloud contracts, web, mobile and app terms of use, master contracts, project contracts and statements of work/order forms, and supply contracts and standard terms of business.

channel arrangements

Establishing effective channels to market is on the critical path for most tech companies. Tech companies usually have multi-market aspirations and creating a strong in-market network is often the key to success.

We help our clients with all forms of channel contracts, including distribution and resale, partner and joint venture, and licensing and white labelling. We also provide strategic advice on how to change sales and distribution models, e.g. buying out distributors to move to a direct sales model in preparation for a liquidity event.

procurement

We advise both suppliers and customers on major IT and telecommunications procurement projects. We help clients with ROI, RFI, RFQ, and RFP documents, we advise on RFP responses particularly responses to contractual terms, and we draft and negotiate the contracts falling out of the procurement process.

“Kindrik Partners are tech focused experts, who drive hard for a positive outcome and make sure the outcome is the right one for the business.”

matthew gibson, cfo, invenco

hear what our clients have to say

contact us

explore our other case studies

nz startup lawlab

lawlab

Learn about lawlab, an Australian specialist conveyancing firm, that has worked with Kindrik Partners on commercial matters.
nz tech invenco

invenco

Read about payment technology company Invenco’s expansion to the US and how they found working with Kindrik Partners.
foster moore

foster moore

Foster Moore is a IT company that specialises in electronic registers. Read how we supported them through their growth.
see all case studies

commercial resources

restraints of trade in New Zealand in the corporate context

Restraints of trade are commonly used in New Zealand contracts – from mergers and acquisition(M&A) deals, in shareholders’ agreements and employment / contractor arrangements. They help protect business value, but if drafted too broadly or without clear justification, they risk being unenforceable.

In M&A and capital raising transactions, buyers and investors will carefully review restraints on founders or key employees / contractors to ensure there is the necessary protection of IP, customer relationships, and know-how.

This guide outlines the types of interests that can be protected, key factors courts might consider, and how restraints are typically applied in corporate transactions – along with some practical tips.

Restraints presumed invalid unless reasonable

The landmark case of Nordenfelt v Maxim Nordenfelt Guns & Ammunition Co [1894] held that a restraint is prima facie unlawful, but it may be upheld if it is reasonable in the interests of the parties to the contract and with reference to the interests of the public.

To be enforceable, a restraint must:

  • protect a legitimate business interest
  • go no further than reasonably necessary in terms of duration, geography, and scope.

In short, the restraint must provide adequate protection, but nothing more.

What can be protected?

A restraint cannot simply prevent competition for its own sake. The law will not protect a party from ordinary commercial competition. Instead, the restraint must be connected to a specific interest, such as:

  • trade connections (e.g. client or supplier relationships)
  • confidential business information
  • know-how or intellectual property
  • goodwill of a business being sold.

Two common types of restraint clauses

Non-compete

Prevents a person from working for, or establishing, a competing business within a defined area and timeframe.

Non-solicitation

Prevents a person from contacting or poaching former clients, customers, suppliers, or employees. These tend to be narrower and more enforceable, especially in the employment context.

Reasonableness of restraint depends on scope

Restraints must be reasonable and proportionate. Courts will closely examine the scope of the restraint if necessary, considering:

1. The activity being restrained

Is the restriction narrowly targeted (e.g., preventing contact with certain clients) or a broad ban on competing in an entire industry? Narrow restraints are more likely to be enforceable. E.g. in the AANZ template shareholders’ agreement, a competing entity is defined as any business or other undertaking, which is directly competitive with the Business or any material part of the Business. The defined term Business should be reviewed carefully and, in some cases, a narrower defined concept of Restricted Business may be required.

2. The geographical area

A restraint covering a small local area may be reasonable for a small business; a nationwide or international restriction may be justified for a larger company. If the business is likely to expand overseas, consider if the geographical area should include jurisdictions where the business might operate in the future.

3. The duration of the restraint

While no strict limits exist, restraints lasting 3 years are generally seen as the upper bound in the M&Acontext (see below), but employment restraints tend to be much shorter (e.g. 3 -12 months). But each must be justified.

In addition, restraints in employment / contractor agreements could receive closer scrutiny if challenged, especially if the employee or contractor is junior, the restraint is broad in scope, or the employer cannot identify a specific protectable interest.

Uses in corporate transactions

M&A

Restraints are generally included in sale and purchase agreements as part of M&A deals. They apply to the sellers (whether in share or asset sales) with the rationale to protect a business’ core working knowledge, and ultimately the goodwill being transferred. While a buyer is likely to prefer that the restraints to apply to all sellers regardless of their involvement in the business, there are typically exclusions for:

  • private equity, venture capital and other institutional investors for whom restraints are simply unworkable; and
  • large groups of small sellers.

Buyers typically require non-compete and non-solicitation clauses binding sellers for at least 24-36 months post completion of the sale. Restraints on the sellers of a business in favour of the buyer are upheld more readily than restraints on an employee in favour of their employer. This reflects the substantial value exchanged and more balanced bargaining power in company or business sales (compared to the employer – employee relationship).

Shareholders’ Agreements

Restraints in shareholders’ agreements usually apply to founders and sometimes key employee shareholders due to their knowledge of the business. The restraints aim to:

  • prevent restrained shareholders from competing during and after exiting the business
  • protect confidential information, trade connections, and goodwill, and
  • provide comfort to investors that key people won’t damage the business on exit.

These restraints typically apply while the person is a shareholder, and often for a specified period after exiting the business (e.g. 12–24 months). Restraints in shareholders’ agreements have not been conclusively tested by New Zealand courts, so enforceability remains more uncertain. But the High Court has held that restraints in shareholders’ agreements (as with all restraints) must focus on a legitimate proprietary interest that requires protection. To maximise enforceability, shareholder restraints should be reasonably scoped and connected to a legitimate interest.

One issue companies and founders should consider is when the restraint period runs from – usually from the date they cease to be either (i) a shareholder or (ii) employed, or engaged as a contractor, by the business. In the NZ context, the restraint period often lands on being the earlier of those two events. Investors might argue that a founder who has ceased to work for a company but who retains a shareholding should not compete. On the other hand, a departing founder has no guarantee of any party acquiring their shares on their exit, so the restraints could continue forever. This is not reasonable, nor likely to be upheld by a court.

Legislative developments and global trends

The Employment Relations (Restraint of Trade) Amendment Bill, currently at its second reading, proposes significant changes to restraints in employment agreements, including:

  • making non-compete clauses unenforceable against employees earning less than three times the minimum wage
  • requiring compensation of at least 50% of the average weekly wage during any restraint period

Notably the Bill does not include specific carve-outs for M&A transactions or shareholder restraints, potentially affecting how restraints are structured in all cases going forward. While the Bill focuses on employment agreements, its impact could ripple into other areas, particularly where employee-like roles overlap with shareholder or contractor positions. This is, of course, all yet to be seen with the Bill some way off becoming law (if at all).

There has also been a shift to try and restrict the use of non-competes in places such as the US, the UK and parts of the EU. But, in most cases, those restrictions are not intended to apply to non-competes imposed in connection with M&A deals.

Final thoughts

Restraints of trade are vital for protecting sensitive business interests but must be considered carefully. You should:

  • ensure there is a specific protectable interest
  • keep restraints no broader than necessary in activity, geography, and duration
  • consider the relationship between the parties and the commercial context to assess reasonableness
  • consider the restraint period, and when it runs from
  • define the restricted business accurately and fairly in the context of a non-compete.

dealing with data in contracts 

If you provide SaaS products or services to your clients as part of your business, this guide is for you. We’ll cover what you need to know if you handle end-user personal information, and what to consider when contracting for these services.

Handling and storing end-user data for your clients, especially personal information, comes with a unique set of risks.  If you are a supplier of tech products or services (such as creating an app that you licence to a client) and your client is using it to store the personal information of their customers, you must have consent to handle personal information, and your customers will seek appropriate safeguards against potential loss or destruction of data.   

How this is managed will depend on the subject of your contract, but in this guide we’ll cover some common considerations that will help you mitigate risks and ensure you and your clients are on the same page. 

things to consider when you’re potentially handling personal information for your clients:

  • Know your data:  your contract should clearly set out: 
    • what the data is – data is often broader and more valuable than you think.  E.g., data can include personal information, commercially sensitive numbers or calculations, or analytical data about products or services.  It is essential that data is clearly defined within the contract 
    • who owns it – as a supplier, you generally won’t own the data.  It is commonplace for clients to supply their data to you, to enable you to provide products and services 
    • what rights the non-owning party has – consider what rights you need to use it for the duration of the contract, and after termination or expiry.  Ensure your rights to use the data to perform your obligations are clearly set out.  Is the data something you can get value from?  If so, ensure you can use the data (or any resulting insights) to improve your own products and services. 
  • Understand your rights and obligations:  ensure that contractual requirements for storing or handling data are clear and that you have the processes in place to comply.  Clients increasingly expect minimum requirements around storage and handling of data, so it is important to ensure that any obligation is reasonable and achievable. 
  • Limit your liability:  you should ensure that your client is responsible for obtaining all consents required for you to use the data.  Ideally, you would be able to exclude all liability or risks in your contract.  However, many clients expect high liability caps or unlimited liability, as they are concerned about protecting the data that they have gathered.  In this case, include clear obligations in the contract to ensure you can comply.  
  • Know your regulatory regime:  if the data contains personal information, you will be subject to a privacy regime, which will change depending where you are contracting, and where you that personal information was collected.  For New Zealand companies who are handling information that was collected in New Zealand, this usually means understanding your obligations under the Privacy Act. However, if you’re handling data that was collected overseas, you may need to understand your obligations under other laws. For instance, we have seen an increased focus on privacy compliance in recent years, particularly with the General Data Protection Regulation coming into effect in 2018.  While compliance can seem daunting, wellconstructed privacy policies add value, and increasingly are seen as a source of competitive advantage as it allows you to use data effectively in your business.  Also, clear, and well thoughtout, privacy policies can be a great way to enhance the value of shared information and build the trust of data partnerscustomers and regulators.   

[We have an online tool that helps you generate GDPR-compliant privacy policies. Try our GDPR privacy policy document generator.] 

  • Have an exit strategy:  Your contract should address what happens to data when the contract ends.  E.g. do you need ongoing rights to use it; what must be returned or destroyed.  The other party may be engaging with your competitors for a replacement service, so it is important that you address what happens when the relationship ends.   
  • Be future proof:  will your needs change over the contract?  If so, you could consider annual review periods to discuss fees and the scope of services provided.  Ofor longer term contacts, you could consider including off ramps like no fault termination rights, after an initial term.  

Being responsible and proactive when dealing with data in contracts can minimize risk to your business, maintain trust with clients, and ensure you receive value as you provide tech products and services.  If this is something that you’d like to discuss with us, get in touch. 

lessons from British Airways’ massive fine for GDPR breach

The UK’s data watchdog, the Information Commissioner’s Office announced earlier this month that it intends to fine British Airways £183.39 million following a cyberattack against its systems last year.

The data breach involved user traffic from the British Airways website being diverted to a fraudulent site, where personal data and credit card information of around 500,000 customers was harvested by attackers.  The Information Commissioner’s Office found this to be the result of poor security arrangements. It appears that there was a delay of around 3 months between the breach taking place and it being reported to the Information Commissioner’s Office, which may have contributed to the size of the fine.

what does it mean?

The massive fine demonstrates the seriousness of breaches of the European Union’s General Data Protection Regulations (GDPR), which came into force in Europe in May 2018.  It represents approximately 1.5% of British Airways’ worldwide revenue in 2017 (the maximum penalty under the GDPR is 4% of worldwide revenue).

The message is clear – if you are subject to the GDPR and do not treat your customers’ data with the utmost care and fail to follow the correct procedures, you can expect severe penalties if a data breach occurs.

The GDPR will apply to New Zealand businesses if:

  • they have operations located in the EU and process personal data of individuals in the EU (regardless of where this personal data is processed); or
  • they offer goods or services to individuals located in the EU (even if those individuals are not paying customers) or monitor the behaviour of individuals located in the EU (including through the use of cookies).

so what should you do?

carry out a data inventory

Carry out a data inventory to understand what personal information you collect and process, and your purposes for doing so.  You can’t design an appropriate data security strategy if you don’t know what personal information you hold.

If you operate a B2B e-commerce or marketing website, our GDPR privacy policy doc maker includes questions that help identify the personal information you are likely to collect and process, and the likely purposes for you doing so.

get familiar with your obligations under the GDPR

The Information Commissioner’s Office has an excellent guide at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/.

review your data security

The GDPR does not define the security measures that you should have in place – it requires you to have a level of security that is appropriate to the risks presented by your processing.

You should look at what security measures are considered to be industry standard in light of the nature, scope, context and purpose of your data processing.  The ISO 27001 standard contains generally accepted guidelines for an information security management system and is intended to be applicable to all organisations, regardless of size, type or nature.  For specific types of data, other standards may be relevant – e.g. if you handle credit card data, you may be required to comply with the Payment Card Industry Data Security Standard (PCI DSS).

implement a process for dealing with data breach

Finally, you should have a process in place for dealing with a data breach.  Under the GDPR, you must report a data breach that poses a risk to people within 72 hours of becoming aware of it, even if you do not have all the details.

In New Zealand, there is currently no legal requirement to report a data breach.  However, the Privacy Bill currently before Parliament proposes mandatory notification where a privacy breach presents a risk of serious harm to an individual or individuals.

Whether or not reporting is required, handling a data breach well will help mitigate the damage to your reputation and your relationship with data providers.  The NZ Privacy Commission has useful guidelines and the Information Commissioner’s Office guidelines also include a section on data breaches, including a notification self-assessment tool.

see all resources

subscribe to our newsletter and get the latest templates and tips for fast-growing startups in New Zealand

are you based in southeast asia?

If so then you may prefer kindrik.sg

yes take me to your southeast asia site