TERMS AND CONDITIONS FOR PURCHASE & THIRD PARTY VENDORS
Vendors are advised to read these terms and conditions carefully. Unless notified in writing to the contrary, by accepting these terms and conditions it is assumed that they are understood and agreed by your company or institution and will be fully complied with.
AS A RESPONSIBLE CORPORATE CITIZEN, ALL SUPPLIERS AND THIRD PARTIES PROVIDING GOODS AND/OR SERVICES TO DREC AND ITS GROUP OF COMPANIES MUST ACT FULLY IN ACCORDANCE WITH THE DREC CORPORATE CODE OF CONDUCT AND CORPORATE SOCIAL RESPONSIBILITY GUIDELINES THROUGHOUT THE CONTRACTUAL TERM.
The vendor or any third party services providers agrees to the information security policy (the “Policy”) of DREC its subsidiaries and affiliates, including, but not limited to wasl LLC, wasl Properties LLC, wasl Hospitality LLC, wasl Owners Association Management LLC and Dubai Golf LLC (collectively “DREC”).
WE ACKNOWLEDGE HAVING RECEIVED THE COMPANY’S CODE OF ETHICS AND CSR GUIDELINES FOR ITS SUPPLIERS AND THIRD PARTY VENDORS WHICH IS AVAILABLE ON THE FOLLOWING ADDRESS:
1. Goods and Services
2. Purchase Price and Terms of Payment
4. Inspection and Rejection
6. Maintenance and Operation
2. If the Vendor purports to be an incorporated company, it warrants that it is a properly constituted company and that it is fully empowered by the terms of its Memorandum and Articles of Association (either expressly or by implication) to comply with the terms of the PO.
11. Suspension and Termination
a. The Vendor is in default of any obligations hereunder including without limitation compliance with any delivery date and such default is not cured within (15) days of the Vendor receiving a written notice in this respect; or
b. The Vendor becomes insolvent, makes any voluntary arrangement with its creditors, becomes bankrupt, becomes subject to an administration order, goes into liquidation whether compulsory or voluntary (otherwise than for the purposes of amalgamation or reconstruction), commences an action for protection from its creditors, compounds with its creditors or a receiver appointed over any of the property or assets of the Vendor. Such right of termination will be without prejudice to any other right available to wasl under the applicable laws of the UAE.
12. Force Majeure
13. Intellectual Property Rights
14. Information Security Policy
Key information security rules and regulations applicable to:
1. all information disclosed to them;
2. the use/access of any systems, networks or equipment made available to any third party vendor: and/or
3. physical access to any physical area within DREC’s business premises.
Please note that this is not an exhaustive list of all the applicable rules and regulations which apply to DREC’s third party service providers, suppliers, their respective employees, officers, subcontractors, consultants and affiliates (“you”), but is merely intended to be indicative of the nature of such requirements you have undertaken to comply. In the event there is any doubt or question about the applicability of this policy, please contact Mr. Ahmed Atiq Balhelli at 043986666
14.1 Proper Use
All users of DREC information resources are responsible for the proper use:
1. and care of information resources under their direct control; and
2. and maintenance of confidentiality of any information or data they may have access to as per job requirements in accordance with this Policy specifically and DREC’s instructions and information security policies generally, (collectively to be deemed “Acceptable Usage”)
14.2 Third Party Accounts
All third party accounts allocated to you and/or your personnel for [any DREC project shall be subject to the following:
1. each third party account allocated shall be used only for the business purpose defined by the assigned individual; and
2. if the your personnel uses his/her personal laptop when accessing the third party account, it must be checked to ensure it is updated with the latest anti-virus software and definitions.
14.3 Handling DREC Information
1. All information assets including data and documents are to be processed and stored strictly in accordance with the classification levels assigned to each. This is to protect the integrity and confidentiality of information.
2. The designated owners of documents which contain sensitive information are responsible for ensuring that the measures taken to protect their confidentiality, integrity and availability, during and after transportation / transmission, are adequate and appropriate.
14.4 Access Control Policies
1. Clear Screen & Clear Desk
Personal computers and computer terminals should not be left logged and unattended. Users should lock the workstation using Ctrl+Alt+Del key when they leave their computer terminals.
2. Mobile Computing
(a) Authorised mobile devices (e.g. laptop computers; personal digital assistants; and mobile phones such as BlackBerry, iPhone, and Android devices) issued by DREC shall be used mainly for business purposes only.
(b) Laptop users shall be responsible for information held in their laptops and protect them against unauthorized access and modification
14.5 Business Continuity Planning Policy
All the backup media onsite and offsite will be stored in lockable fireproof cabinets, access to which will be available to authorized personnel only. Backup tapes shall be encrypted and archived, where feasible.
14.6 Data Encryption
Restricted/confidential information transmitted over any communication network must be sent in an encrypted form
14.7 Physical & Environmental Security Policy
1. All employees, contractors and/ or outsourced personnel deployed at DREC/ wasl shall wear the official identification card at all times while on premises
2. Visitors shall be provided with Visitor Badges which should be worn by them at all times while in the DREC/ wasl premises
14.8 Acceptable Usage Policy
Use of the information assets including information technology systems (“IT Systems”) at DREC must at all times be conducted in a professional and responsible manner and in accordance with the following provisions:
A. It shall be considered an offence for an employee, or a group of employees, to be involved in acts that disrupt DREC’s ability to pursue its business objectives as per the laws of the UAE. Actions such as the deliberate disruption of DREC’s IT Systems, theft and/or destruction of equipment or data services, shall be considered as offences.
B. DREC system and application accounts (log in IDs and passwords) shall be used only for business purposes for which they are requested and authorized. Passwords must never be shared for any reason.
a. Under no circumstances shall a user account be used to participate in a personal financial activity, investments, promotional contests, etc.
b. Users are responsible for protecting any information used and/or stored /accessible through their individual user accounts.
c. Users are responsible for securing desks, workstations, working areas and electronic user devices under their control.
d. Users shall not attempt to access any data or programs contained on any system for which they do not have authorization or explicit written consent.
e. Users shall report any weaknesses they discover in systems and any incidents of possible misuse or violation of DREC / wasl policies to the proper authorities by contacting the “Service Desk” or DREC’s IT Department. No user shall engage in an activity to assess the weaknesses of a system.
f. Users shall not purposely engage in activity with the intent to: harass other users; degrade the performance of systems; deprive an authorised user access to a DREC/wasl resource; obtain extra resources, beyond those allocated; circumvent security measures or gain access to a DREC system for which proper authorization has not been given.
g. Electronic communication facilities (such as email, internet browsing) are for authorized business use, however limited personal use is allowed. Fraudulent, harassing or obscene messages and/or materials or material that breaks the law or discredits DREC/wasl and/or governing authorities shall not be sent from, to or stored on DREC systems. This policy explicitly prohibits browsing obscene web sites or messages on DREC facilities.
h. Users shall not activate mobile code such as ActiveX controls unless they are certain they can trust the source and its acceptability.
i. Users must avoid direct disk sharing with read/write access unless there is absolutely a business requirement to do so.
2 For routine security and network maintenance purposes, with pre-approved authorization from DREC’s management, DREC’s IT Department personnel may monitor IT equipment, systems and network traffic statistics at any time.
3 The following activities are strictly prohibited, without exception:
a. The installation of software such as instant messaging technology, internal relay chat and peer-to-peer services; and
b. Sending or posting information that is defamatory to DREC, its products/services, colleagues and/or customer(s).
4 Unless explicitly permitted in this Policy, the following activities are strictly prohibited, without exceptions:
a. Effecting security breaches or disruptions of network communication.
b. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties.
For purposes of this policy, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes