MDC Data Licence Agreement 1.0

Last Updated: 7 July 2026

This Data Licence Agreement for MDC Datasets (this “Licence Agreement”) is entered into  by and between Mozilla Data Collective, LTD, a company registered in England and Wales with company number 17054959, whose registered address is located at 167-168 Great Portland Street, London, W1W 5PF (the “Licensor” or “MDC”), and the individual or entity accepting this License Agreement ("Licensee"). By clicking "I Agree" (or other similar assent), downloading, accessing, or using the Licensed Data, Licensee agrees to be bound by the terms of this Licence Agreement and any exhibits hereto . Licensor and Licensee are referred to herein, collectively, as the “Parties” and, individually, as each “Party.” 

WHEREAS, Licensor has commissioned the creation of certain proprietary datasets and related data compilations;

WHEREAS, Licensee desires to obtain a licence to access and use certain datasets made available by Licensor; and

WHEREAS, the parties wish to establish the terms and conditions governing Licensee’s access to and use of such commissioned datasets.

NOW, THEREFORE, in consideration of the mutual promises, covenants, representations and warranties contained in this License Agreement, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

  1. Definitions. For purposes of this License Agreement, the following terms will have the indicated meanings:
    1. Applicable Laws” means all applicable laws, statutes, regulations, rules, ordinances, and other legally-binding requirements of any governmental authority having jurisdiction over a Party or the subject matter of this Licence Agreement.
    2. Derived Data” means data created or derived by or on behalf of Licensee as a result of combining, changing, converting, analysing, aggregating, transforming, or otherwise processing Licensed Data with other data, where the resultant data is not reasonably capable of being used, whether directly or indirectly and using any methods, techniques, technologies, or tools now known or later developed, to reconstruct, reproduce, extract, infer, or regenerate Licensed Data. 
    3. “Licensed Data” means all data, datasets, and data compilations licensed pursuant to this Licence Agreement as the same may be further defined in a dataset listing.
    4. Marks” means, with respect to a Party, such Party’s trade names, trade dress, trademarks, service marks, logos, brand names and other identifiers, corporate names, meta-tags and universal resource locators, and any applications, registrations and renewals thereof.
    5. “Trained Models and Outputs” means any machine learning models, artificial intelligence systems, model weights, algorithms, insights, analyses, predictions, reports, results, or other outputs created, developed, generated, trained, fine-tuned, testing, validated, benchmarked, or improved by or on behalf of Licensee through the authorised use of Licensed Data, provided that such Trained Models and Outputs do not disclose, contain, or permit a third party to readily reverse engineer, reconstruct, access, or discern the Licensed Data.
  2. Licence Grant.  Subject to the terms and conditions of this Licence Agreement, Licensor hereby grants to Licensee a non-exclusive, worldwide, non-transferable, non-sublicensable licence during the Term to access, copy, store, reproduce, use, analyse, and otherwise process the Licensed Data: (a) for Licensee’s internal and commercial business purposes; (b) to develop, train, fine-tune, test, validate, benchmark, and improve artificial intelligence, machine learning, analytics, and related models, systems, and technologies; (c) to create Derived Data; and (d) to create Trained Models and Outputs. Licensee may use, commercialise, distribute, and otherwise exploit any models, insights, analyses, predictions, or outputs generated through Licensee’s authorised use of the Licensed Data, provided that such activities do not result in the disclosure, redistribution, or other unauthorised use of the Licensed Data. For clarity, the Licensed Data shall not include Derived Data or Trained Models and Outputs.
  3. Restrictions on Use. Licensee shall not, and shall not permit any third party to: (a) reverse engineer, disassemble, decompile, reconstruct, extract, or otherwise attempt to discover or derive the underlying data elements, source materials, methodology, composition, or contents of the Licensed Data, except as reasonably necessary to access and use the Licensed Data as expressly permitted under this License Agreement; (ii) sell, license, sublicense, distribute, publish, disclose, make available or otherwise provided the Licensed Data, in whole or in part, to any third party except as expressly permitted under this License Agreement; (iii) create, commercialise, distribute, or otherwise make available, any dataset, database, or data product that contains, incorporates, discloses, reproduces, or serves as a substitute for the Licensed Data or any substantial portion thereof; (iv) use the Licensed Data to develop, train, fine-tune, test, validate, benchmark, or improve any artificial intelligence model, machine learning model, product, or service that is designed or intended primarily to reproduce, reconstruct, extract, generate, or otherwise make available the Licensed Data, or any substantial portion thereof; (v) use the Licensed Data to create, develop, market, or offer any dataset, database, data product, or service that competes with, is substantially similar to, or is intended to serve as a substitute for Licensed Data; (vi) remove, alter, obscure, or destroy any copyright notices, Licensor Marks, proprietary legends, attribution requirements, or other notices contained in or accompanying the Licensed Data; (vii) attempt to identify, contact, or otherwise associate any individual with any data contained in the Licensed Data, nor attempt to re-identify any de-identified, anonymised, pseudonymised, or aggregated   information; or (viii) use the Licensed Data in any manner that violates, or could reasonably cause Licensor to violate, any Applicable Laws or any third-party rights.
  4. Intellectual Property; Ownership.  
    1. Licensed Data. As between the Parties, The Licensed Data, and all right, title, and interest in and to, including all intellectual property rights therein, are and shall remain the sole and exclusive property of Licensor (and its licensors, as applicable). Except for the limited license rights expressly granted under this Licence Agreement, no right, title or interest in or to the Licensed Data is transferred to Licensee. For clarity, the Licensed Data shall not include Derived Data or Trained Models and Outputs.
    2. Derived Data; Trained Models and Outputs. As between the Parties, Licensee shall own all right, title and interest in and to the Derived Data and Trained Models and Outputs, subject to Licensor’s ownership of and rights in the Licensed Data and any restrictions set forth in this License Agreement.
  5. Fees and Payment. In consideration of the licence(s) granted under this Licence Agreement, Licensee shall pay all fees and charges applicable to Licensed Data as specified in the applicable dataset listing. Unless otherwise specified in such documentation, all fees are due upon purchase. All fees are non-cancellable and non-refundable, except as expressly provided in this License Agreement or required by Applicable Law.
  6. Representations and Warranties; Disclaimers.
    1. Mutual Warranties. Each Party hereby represents and warrants to the other Party that such Party’s execution, delivery and performance of this Licence Agreement does not and will not: (i) conflict with or violate any Applicable Laws; or (ii) conflict with or require any consent under any contract, licence, permit, or other agreement to which it is a party.
    2. Licensor Warranty. Licensor represents and warrants that it has all rights, licences, permissions and consents necessary to grant Licensee the rights in the Licensed Data as set forth in this Licence Agreement and each dataset listing.
    3. Licensee Warranty. Licensee represents and warrants that it shall at all times access, use, process, store, disclose, and otherwise exploit the Licensed Data in compliance with this Agreement and all Applicable Laws.
    4. Disclaimer. LICENSEE’S USE OF, OR INABILITY TO USE, THE LICENSED DATA IS AT LICENSEE’S SOLE RISK. THE LICENSED DATA IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND LICENSOR HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. LICENSOR SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. LICENSOR MAKES NO WARRANTY OF ANY KIND THAT THE LICENSED DATA, OR RESULTS OF ITS USE, WILL MEET LICENSEE'S OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.
  7. Data Privacy. To the extent that the Licensed Data contains Personal Data (as defined in the DPA), the Parties' processing shall be in accordance with the Data Processing Agreement (the “DPA”) attached hereto as Exhibit A, and incorporated by reference herein.
  8. Indemnification. Licensee shall indemnify and hold harmless, and, at Licensor's option, defend Licensor, its successors and assigns, and each of the respective officers, directors, employees, agents and representatives of the foregoing,  from and against any and all claims, damages, assessments, costs, losses and other expenses, including but not limited to reasonable attorneys’ fees and legal costs, in connection with any third party claim, demand, suit, action or other proceeding (each, a “Claim”) arising from or relating to Licensee’s (i) use, misuse, or unauthorized use of any Licensed Data, (ii) breach of its representations, warranties or obligations under this License Agreement, (iii) breach of Applicable Laws, and (iv) Derived Data, Trained Models and Outputs, and any products or service developed using the Licensed Data; provided that Licensee may not settle any Claim against Licensor unless such settlement completely and forever releases Licensor from all liability with respect to such Claim or unless Licensor consents to such settlement, and further provided that Licensor shall have the right, at its option, to defend itself against any such Claim or to participate in the defense thereof by counsel of its own choice.
  9. Limitation of Liability.  
    1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR, ITS AFFILIATES, AGENTS AND/OR EMPLOYEES BE RESPONSIBLE OR LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL LOSS, CLAIM, INJURY AND/OR DAMAGE ARISING OUT OF, OR IN ANY WAY CONNECTED WITH, THIS AGREEMENT OR YOUR USE OF THE LICENSED DATA, WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF ANY LOSS, CLAIM, INJURY AND/OR DAMAGE.
    2. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL LICENSOR, ITS AFFILIATES, AGENTS AND/OR EMPLOYEES BE LIABLE TO YOU FOR ANY CLAIMS, LIABILITIES OR DAMAGES HEREUNDER IN AN AMOUNT EXCEEDING THE GREATER OF THE AMOUNT PAID BY YOU TO LICENSOR DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM (OR THE DURATION OF YOUR USE OF THE LICENSED DATA, IF LESS THAN TWELVE (12) MONTHS), AND ONE HUNDRED GBP (£100).
  10. Term and Termination 
    1. Term. This Licence Agreement shall commence on the Effective Date and shall continue until terminated in accordance with this Section 9.
    2. Termination. Licensor may terminate this Licence Agreement immediately upon written notice if Licensee materially breaches this Licence Agreement. In addition, Licensor may suspend or terminate Licensee’s access to the Licensed Data if Licensor reasonably believes that Licensee has used, disclosed or distributed the Licensed Data in violation of the terms of this Licence Agreement.
    3. Effect of Termination. Upon expiration or termination of this Licence Agreement, all rights granted to Licensee with respect to the Licensed Data shall immediately cease, and Licensee shall promptly discontinue all access to and use of the Licensed Data and permanently delete or destroy all copies of the Licensed Data in its possession or control. Upon Licensor’s reasonable request, Licensee will certify its compliance with the foregoing obligations in writing. Notwithstanding the foregoing, Licensee may retain and continue to use any Derived Data and Trained Models and Outputs created prior to the effective date of termination, provided that such Derived Data and Trained Models and Outputs do not disclose, contain, or permit access to the Licensed Data and Licensee otherwise remains in compliance with this Licence Agreement.
    4. Survival. Sections 3, 4, 5, 6, 7, 8, 9 and 10, and any other provisions that by their nature should survive expiration or termination of this Licence Agreement, shall survive such expiration or termination.
  11. Miscellaneous
    1. Governing Law. This Licence Agreement and any dispute or claim arising out of or in connection with it,  its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales. Each Party irrevocably submits to the exclusive jurisdiction of the courts of England and Wales in respect of any dispute, claim or proceeding arising out of or in connection with this Licence Agreement. 
    2. Entire Agreement. This Licence Agreement, and any applicable dataset listing, constitutes the entire agreement between Parties, and supersedes any prior and contemporaneous agreements between the Parties on the subject matter.
    3. Relationship of the Parties. Nothing in this Licence Agreement creates any agency, partnership, joint venture, or employment relationship between Licensor and Licensee. 
    4. Injunctive Relief. Licensee acknowledges that any unauthorised disclosure or use of Licensed Data may cause irreparable harm for which monetary damages are inadequate, and Licensor may seek injunctive or equitable relief without posting bond.
    5. Force Majeure. Under no circumstances will Licensor be liable for any delay or failure in performance resulting directly or indirectly from an event beyond its reasonable control.
    6. No Waiver. No waiver of any term of this Licence Agreement shall be deemed a further or continuing waiver of such term or any other term, and Licensor’s failure to assert any right or provision under this Licence Agreement shall not constitute a waiver of such right or provision.
    7. Severability. Each of the provisions of this Licence Agreement operates separately. If any court or relevant authority decides that any of them are unlawful or unenforceable, the remaining provisions will remain in full force and effect. If any provision is deemed unlawful or unenforceable, the parties agree that such provision shall be modified or amended by the court or relevant authority to the extent necessary to render it enforceable, in accordance with the intent of the original provision. The modified provision shall be interpreted so as to reflect the original intent of the parties as closely as possible, while remaining compliant with Applicable Law.
    8. Assignment. This Licence Agreement, and any rights and licences granted hereunder, may not be transferred or assigned by Licensee without the prior written consent of Licensor. This Licence Agreement may be assigned by Licensor without restriction. Any attempted transfer or assignment in violation hereof shall be null and void.

EXHIBIT A

Data Processing Agreement

This Data Processing Agreement (“DPA”) is incorporated into and forms part of (and if applicable, amends the current version of) the Licence Agreement between Licensee and Mozilla Data Collective LTD (“Licensor” or “MDC”), each a “Party” and collectively the “Parties”. This DPA applies to and takes precedence over the Agreement between the Parties, and any associated contractual document between the Parties, such as an order form, statement of work, or data processing agreement thereunder , to the extent of any conflict. Capitalised terms not defined herein or in the Agreement, are defined as in applicable Data Protection Laws.

Licensee and MDC agree as follows:

  1. Definitions. For purposes of this DPA:
    1. Controller” is defined as under the GDPR and other Data Protection Laws using that term. 
    2. Data Protection Laws” means all applicable laws, regulations, and other legal or self-regulatory requirements in any jurisdiction relating to privacy, data protection, data security, breach notification, or the Processing of Personal Data, including without limitation, to the extent applicable, the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”), the United Kingdom Data Protection Act of 2018 (“UK Privacy Act”), and the Swiss Federal Act on Data Protection (“FADP”).
    3. Licensed Data” shall have the same meaning as under the Agreement. 
    4. Data Subject” means an identified or identifiable natural person to whom Personal Data relates and includes “consumer” as defined under Data Protection Laws. 
    5. EU SCCs” means the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj. and completed as set forth herein.
    6. Personal Data” includes “personal data,” “personal information,” and similar terms, as defined by Data Protection Laws, processed by the parties in connection with the Licensed Data under the Agreement.
    7. Process”, “Processing”, and their cognates mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
    8. Security Breach” means any accidental or unlawful acquisition, destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.
    9. UK SCCs” means the United Kingdom International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-DPA.pdf) and completed as set forth herein.
  2. Roles of the Parties
    1. This DPA applies to Personal Data processed by the Parties in connection with the Agreement. 
    2. The Parties are independent Controllers of Personal Data processed under the Agreement. Each Party will comply with the requirements of Data Protection Laws applicable to it as a Controller, and each Party is solely responsible for such compliance.
  3. MDC Obligations
    1. MDC will use commercially reasonable efforts to ensure that any disclosure of Personal Data by MDC to Licensee is supported by an appropriate legal basis under applicable Data Protection Laws.
    2. During the term of the Agreement, MDC will maintain a publicly available privacy notice describing its processing activities as required by applicable Data Protection Laws.
  4. Licensee Obligations
    1. Licensee will Process Personal Data for the purposes specified in its Privacy Policy and as specified in this DPA, subject to any other requirements or restrictions under Data Protection Laws and the Agreement. Without limiting the foregoing, Licensee is solely responsible for providing all notices and disclosures, and obtaining any consents, required by applicable Data Protection Laws in connection with its Processing of Personal Data.
    2. Licensee acknowledges that it is responsible for responding to requests from or on behalf of Data Subjects with respect to Personal Data that it processed as an independent controller, as required by Data Protection Laws.  Licensee will promptly forward to MDC any enquiry or request from or on behalf of a Data Subject, or direct the Data Subject to contact MDC directly, relating to any copy of Personal Data that MDC may have.
    3. Licensee will take appropriate technical and organisational measures designed to protect Personal Data against a Security Breach and will lawfully respond to and address potential and confirmed Security Breaches.
  5. Data Transfers 
    1. The Parties acknowledge that the Processing contemplated under this Agreement may involve the cross-border transfer of Personal Data from MDC to Licensee. A party may only engage in cross-border transfers or onward cross-border transfers of Personal Data if it has put in place a data transfer mechanism deemed to be valid under Data Protection Laws.
    2. To the extent legally required, by executing this DPA, Licensee and MDC are deemed to be signing the EU SCCs, which form part of this DPA and (except as described in Section 5(c) and 5(d) below) will be deemed completed as follows:  
      1. Module One of the EU SCCs applies to transfers of Personal Data from MDC (as an independent Controller) to Licensee (as an independent Controller).
      2. Clause 7 (the optional docking clause) is not included.
      3. Clause 11 (Redress): The optional language requiring that data subjects be permitted to lodge a complaint with an independent dispute resolution body is not included.
      4. Clause 17 (Governing law): The Parties choose Option 1 and select the law of the Republic of Ireland.
      5. Clause 18 (Choice of forum and jurisdiction): The Parties select the courts of the Republic of Ireland.
      6. Annex I is completed as set forth in Schedule 1 of this DPA.
      7. Annex II is completed as set forth in Schedule 2 of this DPA.
    3. To the extent legally required, by executing the Agreement, the Parties are deemed to be signing the UK SCCs, which form part of this DPA and take precedence over the rest of this DPA as set forth in the UK SCCs. The Tables in UK SCCs are deemed completed as follows:
      1. Table 1: The Parties’ details shall be the Parties and their affiliates to the extent any of them is involved in such transfer, and the Key Contact shall be the contacts set forth in Schedule 1 of this DPA.
      2. Table 2: The Approved EU SCCs referenced in Table 2 shall be the EU SCCs as executed by the Parties and completed in Section 5(b) of this DPA.
      3. Table 3: Annexes I and II are set forth in Schedules 1 and 2 below, respectively.
      4. Table 4: Either Party may end this DPA as set out in Section 19 of the UK SCCs.
    4. For transfers of Personal Data that are subject to the FADP, the EU SCCs form part of this DPA as set forth above, but with the following differences to the extent required by the FADP: (1) references to the GDPR in the EU SCCs are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR; (2) references to personal data in the EU SCCs also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope; (3) term “member state” in EU SCCs shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU SCCs; and (4) the relevant supervisory authority is the Swiss Federal Data Protection and Information Commissioner (for transfers subject to the FADP and not the GDPR), or both such Commissioner and the supervisory authority identified in the EU SCCs (where the FADP and GDPR apply, respectively).
  6. Additional Safeguards. To the extent that Licensee acts as the Importer of Personal Data of Data Subjects located in or subject to the Data Protection Laws of the EEA, Switzerland, or the United Kingdom, Licensee agrees to the following safeguards (“Additional Safeguards”) to protect such Personal Data to an equivalent level as such Data Protection Laws:
    1. Licensee uses encryption for data in transit.
    2. As of the date of this DPA, Licensee has not received any national security orders of the type described in Paragraphs 150-202 of the judgment in the EU Court of Justice Case C-311/18, Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems.
    3. As of the date of this DPA, no court has found Licensee to be the type of entity eligible to receive process issued under FISA Section 702: (i) an “electronic communication service Exporter” within the meaning of 50 U.S.C § 1881(b)(4) or (ii) a member of any of the categories of entities described within that definition.
    4. Licensee will not comply with any request under FISA for bulk surveillance, i.e., a surveillance demand whereby a targeted account identifier is not identified via a specific “targeted selector” (an identifier that is unique to the targeted endpoint of communications subject to the surveillance), or take any action pursuant to U.S. Executive Order 12333.
    5. Licensee will use reasonably available legal mechanisms to challenge any demands for data access through national security process that it receives, as well as any non-disclosure provisions attached thereto.
    6. Licensee will comply with all requirements of Clauses 14 and 15 of the EU SCCs. In particular, to the extent not prohibited by laws applicable to Importer, Importer will promptly notify Exporter (and where relevant, affected Data Subjects) if Importer (i) receives a legally binding request from a public authority for the disclosure of Personal Data provided to Importer by Exporter (including the Personal Data requested, the requesting authority, the legal basis for the request, and Importer’s response to the request), or (ii) becomes aware that public authorities have directly accessed Personal Data provided to Importer by Exporter. Where Importer is legally prohibited from making such notification, it will use its best efforts to obtain a waiver of this prohibition.
    7. Licensee will promptly notify Exporter if it can no longer comply with the EU SCCs, UK SCCs, or these Additional Safeguards, without being required to identify the specific provision with which it can no longer comply. 
  7. Indemnification and Limitation of Liability. To the extent permitted by Data Protection Laws, the Parties will indemnify each other, and their liability will be limited, as provided in the Agreement.
  8. Survival. The provisions of this DPA survive the termination or expiration of the Agreement for so long as Licensee Processes Personal Data transferred to it under the Agreement.




4,135 words