Effective from 22nd April 2019
Data Recovery - Terms and Conditions for Ontrack Services
1 These terms
1.1 These terms and conditions ("Terms") govern the supply of Services by KLDiscovery Ontrack Srl, hereinafter referred to as "Ontrack", with registered office at Via Marsala, 34/A - 21013 Gallarate (VA) – Italy, VAT and tax code
02389900131. Please read these Terms carefully before you submit your Order to us. These Terms tell you who we are, how we will provide the Services to you, how you and we may change or end the Contract, what to do if there is a problem and
other important information.
2 Contact details
2.1 How to contact us. You can contact us by telephoning our customer service team on 800 44 00 33 by writing to us at our registered office or using email@example.com or by contacting one of our representatives on our 'Live Chat'
platform available on our Website.
3.1 In these Terms the following definitions will apply:
(a) "Business Customer" means a customer acting for the purpose of their business, trade or profession including, without limitation, a sole trader, partnership, limited company or public authority;
(b) “Confidential Information” means all confidential information (however recorded or preserved) disclosed by either party to the other party in connection with the Services, including but not limited to your Data, our Data and any information that would be regarded as confidential by either party;
(c) "Consumer Customer" means a customer that is an individual who is not acting for the purposes of a business, trade or profession (excluding, for the avoidance of doubt, any Business Customer);
(d) "Contract" means as defined in Clause 4.3;
(e) “Customer” means, as applicable, a Business Customer and/or Consumer Customer;
(f) "Data" means data in electronic form of any description, including 'personal data' as defined by the General Data Protection Regulation EU 2016/679;
(g) "Equipment" means your Media and, if applicable, Mobile Phone;
(h) "Fee" means the fee payable by you for the Services, as set out in the relevant Quotation;
(i) "Media" means storage media such as hard-drives, USB drive, laptop, computer or other devices;
(j) "Mobile Phone" means any mobile telephone;
(k) "Order" means as defined in Clause 4.2;
(l) "Quotation" means as defined in Clause 4.1;
(m) “Service Descriptions” means the specific processes employed by Ontrack as more described at the following link Service Descriptions which sets out, amongst other matters, service limitations, service levels and expectations;
(n) "Services" means the services to be provided by us to you, as described in Clauses 4 (Order Process) and 5 (Services), as well as in the Service Descriptions of these Terms; and
(o) "Website" means our website at www.ontrack.com/it-it or such other website as we use to operate our business from time to time.
4 Order process
4.1 For standard data recovery, following an initial telephone consultation, submission of an online form via our Website or email correspondence, you shall provide your Equipment to us. Thereafter, we shall provide the ordered Services according to the Services Descriptions. Excluding any initial Freeval Analysis (as defined in the Service Description), we shall provide a written quotation to you for our Services (“Quotation”). The Quotation shall set out the defined Services and the applicable Fee.
4.2 For other Services, such as remote data recovery (“RDR”) where you do not submit any Equipment to us, or degaussing, the Quotation shall consist of the work expected to be required by Ontrack to perform the Services.
4.3 Following receipt of our Quotation, you may at your option either: (i) accept and sign the Quotation or statement of work to submit an order for our Services ("Order"), specifying your choice about destruction or return of your Equipment (if applicable) upon payment of a fee; or (ii) decline to place an Order and either: (a) request us to return the Equipment upon payment of the specified fee; or (b) request Ontrack to immediately destroy your Equipment, in compliance with applicable privacy law. If we do not receive an Order or request to return your Equipment within 90 (ninety) calendar days of the date of the Quotation, we will dispose of your Equipment in line with applicable law.
4.4 Our acceptance of your Order will take place when we send you email confirmation of our acceptance, at which point a legally binding contract will come into existence between you and us, governed by these Terms ("Contract").
We will assign an order number to your Order. It will help us if you can tell us the order number whenever you contact us. Under no circumstances shall any general terms and conditions of the Customer apply to the Services.
5.1 In consideration of your payment of the Fee, we will provide the Services in accordance with Service Descriptions and with reasonable care and skill. As applicable, following an Order, we shall use reasonable endeavours to: (i) retrieve, replicate, reconstruct, provide access to, convert, recover and return any recovered Data to you on an encrypted hard-drive or USB stick (or other hard-drive provided by you); (ii) if required, repair the Mobile Phone; and (iii) carry out such other services that we have agreed to perform for you in writing, such as degaussing of Media or RDR. Time for performance shall not be of the essence and delivery information is estimated only. Customer acknowledges that the nature of the Services mean that predicting delivery by specific dates is not possible. You will be informed of the estimated completion date of the Services during the Order process. The costs of returning any Equipment will be as set out on the relevant Quotation.
5.2 If the data recovery is successful pursuant to clause 5.1 above (see Service Descriptions), the recovered Data will be saved on special backup media (by way of example and not limited to external hard drives and USB sticks). Windows NTFS backups up to 2TeraByte and with a total number of files up to 1,000,000 returned on hard disk backup media will be encrypted with 128bit AES algorithm, except for technical reasons. Backups on media other than hard disks, Mac backups and backups over 2TB will not be encrypted. The password to open the encrypted files will be communicated to the Customer by email. Ontrack does not provide any warranty regarding external harddrives which are provided according to manufacturer terms.
5.3 Without prejudice to the provisions clause 5.2 above, Ontrack will also take a back-up copy of the recovered Data and retain this for 14 (fourteen) days, starting from the date of shipment to the Customer of the recovered Data. Unless the Client requests a copy of the back-up within this period, Ontrack shall irreversibly delete the recovered Data. Ontrack does not perform an anti-virus check of the recovered Data and accepts no responsibility for the detection of viruses and for any damage that may result therefrom.
5.4 Remote Data Recovery. Where you wish Ontrack to perform a data recovery for those occasions when submitting any Media is not required, Ontrack may be able to perform a remote data recovery. You must download and install the Ontrack RDR client software using the link provided by Ontrack. Once installed, the client allows the user to connect to Ontrack via an encrypted internet connection. The RDR connection is only used by Ontrack to control the Ontrack recovery tools directly on the Customer’s machine. Your Data will not be transferred to Ontrack during this process.
5.5 Degaussing. Ontrack will place your Equipment into a degaussing unit which is a machine which effectively and securely scrambles the magnetic data held on the Equipment. Following the degaussing process, the Data is no longer readable and will have been securely destroyed.
5.6 Ontrack reserves the right to carry out, in whole or in part, the provision of the Services requested by the Customer in any of its operating headquarters, in Italy or abroad.
5.7 Mobile Phone Repair. The primary service we offer will be the recovery of the Data from the Mobile Phone and we do not offer a standalone Mobile Phone repair. Where a repair is possible, we will repair and restore functionality to the Mobile Phone so that you are able to use it in normal usage conditions.
5.8 For some Services, we may need certain information from you such as user names, passwords and/or access codes. If you do not provide this information within a reasonable time of our request, or if you provide incomplete or incorrect information, we may make an additional charge of a reasonable sum to compensate us for any extra work that is required as a result. We will not be responsible for supplying the Services late or not supplying any part of them if this is caused by you not giving us the information we need.
5.9 We may have to suspend the supply of Services to: (i) deal with technical problems or make technical changes; (ii) update the Services to reflect changes in relevant laws and regulatory requirements; (iii) make changes to the Services as requested by you. We may also suspend supply of the Services if you do not pay.
5.10 Our performance of the Services should, under no circumstances, be taken as a guarantee that the Services will be successful, that all or any of your Data is recoverable or will be useable, that the Mobile Phone, if applicable, will be capable of being used or that we will achieve any other particular result. In respect of Mobile Phone repairs, whilst we use approved original equipment manufacturer repairs, we offer no guarantee that the Services will be consistent with any warranty offered by the original equipment manufacturer. With respect to individual files, Ontrack may not have all the applications available to properly read such files and the Services do NOT include verification of the usability of the individual files subject to recovery or their processing by means of the applications normally used by the Customer.
5.11 Ontrack warrants that the RDR client software: (a) is free from program code or programming instructions intentionally designed to disrupt, disable, harm, interfere with or otherwise adversely affect computer programs, data files
or operations; and (b) contains no other malicious or harmful code typically described as a virus or by similar terms, including trojan horse, worm or backdoor.
6 Intellectual property rights
6.1 Your Equipment and Data shall at all times remain your property, and we shall have no right, title or interest in or to them (except the right to possession and use of your Equipment and Data to perform the Services). We retain
all right, title and interest in the provision of the Services, including any improvements or enhancements made to the Services.
7 Rights to end a contract (Consumer Customers)
7.1 This Clause 7 applies solely to our Contracts with Consumer Customers. Following an Order, you have a legal right to change your mind. These rights, under Sections 52 and ff. of Italian Consumer Code (Leg. Decree no. 206/2005), are explained in more detail below.
7.2 If you place an Order, you can cancel within 14 (fourteen) days after the day we email you to confirm we accept your Order, without giving any reason. If you cancel after we have started the Services upon your express request, you must pay us an amount which is in proportion to the Services provided up until the time you tell us that you have changed your mind in comparison with the full coverage of the Contract. We will tell you what this Fee will be following the cancellation request. However, if, when placing the Order, you make an express request to start the Services immediately, you cannot change your mind, even if the period is still running, once we have completed the Services.
7.3 To cancel the Order, you can do so through one of the following methods of communication by providing your Order number, name, address and cancellation request:
(a) Phone or email. Call customer services on 800 44 00 33 or email us at firstname.lastname@example.org;
(b) By post. write to us at KLDiscovery Ontrack Srl, via Marsala 34/A, 21013 Gallarate (VA) - Italy; or
(c) By Cancellation Form: complete and send to us a cancellation form in the format of the Model Cancellation Form included as a Schedule to these Terms.
To meet the cancellation deadline, it is sufficient for you to send your communication according to this Section before the withdrawal period has expired.
7.4 Effects of withdrawal. Save for what provided for in Section 7.2, if you withdraw from the Contract, we shall reimburse to you all payments received from you without undue delay and in any event not later than 14 days from the day on which we are informed about your decision to withdraw from the Contract. We will carry out such reimbursement using the same means of payment as you used for the initial transaction, unless you have expressly agreed otherwise; in any event, you will not incur any fees as a result of such reimbursement.
8 Rights to end the contract (Business Customers)
8.1 This Clause 8 applies solely to our Contracts with Business Customers. Following an Order, you shall not be able to terminate the Services unless set out in clause 9 below.
9 Mutual termination rights
9.1 Without affecting any other right or remedy available to either Party, each Party may terminate the Contract with immediate effect by giving written notice if:
(a) Either Party commits a material breach of any term of the Contract and fails to remedy that breach within a period of 7 (seven) days after being notified in writing to do so. You failure to pay the Fee shall constitute a material breach, a failure by Ontrack to provide the Services shall constitute a material breach.
9.2 We may terminate the Contract if, by performing the Contract, we may breach applicable export and sanctions laws relating to dealings with certain companies and individuals set by the European Commission or other national authorities, including the United States.
9.3 Following termination, you shall be responsible for all sums owing to us which shall become payable immediately.
10 Customer acknowledgements
10.1 You hereby acknowledge and warrant to us that: (i) you are legally capable of entering into binding contracts; (ii) you have full authority, power and capacity to agree to these Terms and if you are a Business Customer have the appropriate legal authority to conclude the Contract; (iii) all the information that you provide to us in connection with your Order is true, accurate, complete and not misleading; (iv) you are the owner of the Equipment and/or have the permission from the owner of the Equipment for us to perform the Services; (v) your supply of your Equipment and/or Data to us will not breach any obligations or rights of any third parties; (vi) your supply of your Equipment and/or Data to us will not breach any applicable law; (vii) you are legally permitted to grant access to the Data; (viii) your Equipment does not contain any material (including without limitation any Data) which may infringe the Intellectual Property Rights of any third party; and (ix) your Equipment does not contain any material which will breach applicable law. We reserve the right to request documentary evidence of your ownership or legal right to authorise the Services and to suspend or not commence the Services without receipt of such evidence.
10.2 You hereby acknowledge that your Equipment and/or Data may already be damaged prior to our receipt of them, and that our efforts to complete the Services may result in the destruction of, or any further damage to, your Equipment and/or Data. We will take reasonable care in performing the Services, but will not, save as specified in Clause 12 of these Terms, bear any responsibility for existing or additional damage that may occur to your Equipment and/or Data during our performance of the Services.
11 Price and payment
11.1 The price of the Services (which includes VAT) will be the Fee as set out in the relevant Quotation. The Fee shall be payable prior to the Services commencing, or, if applicable, we will invoice you for the Fee when we have completed the Services and prior to delivery of the results of the Services. In the event we agree to invoice you, you must pay each invoice on the date specified.
11.2 How you must pay. Payment can be done by cheque, bank transfer or credit/debit card. Payment by credit/debit card is subject to pre-authorisation. Ontrack will send an email approving authorisation for payment which must be successfully passed prior to Ontrack commencing the Services or delivering the products. If such authorisation is refused to us, we will not be liable for any delay or non-delivery of the Services and the Order may be deemed to be cancelled. Some Services, such as file listings (see Service Description) are payable prior to commencement of the Services. For other Services, following completion of the Order, payment must be made to Ontrack before any recovered Data is returned. Business Customers that apply for credit terms must pay their invoice within the agreed terms, subject to providing Ontrack with a signed acceptance of our order or a valid purchase order.
11.3 If you fail to pay to us any amount due under these Terms we may retain the Equipment and Data until you make full payment. If you do not make full payment within 90 (ninety) calendar days of the due date we may, without liability or consulting you further, dispose of your Equipment and/or Data in line with applicable law. We will also charge interest on late payment in the amount of 3 (three) times the legal interest rate in effect.
12 Our responsibility for loss damage suffered by you
12.1 We do not accept responsibility for any corruption of, or physical or other damage to, or destruction of your Equipment, your Data, or any other equipment that may occur, or invalidation of any warranties in respect of your Equipment or other equipment, either: prior to our receiving your Equipment, your Data, or other equipment; or in the course of our providing the Services where such damage, destruction, corruption or invalidation arises from our performing the Services in accordance these Terms.
12.2 Whilst we will use reasonable endeavours to take care of your Equipment or Data whilst in our possession, we will not be responsible to you if any of your Equipment or Data is lost, destroyed, corrupted or otherwise damaged through fair wear and tear.
12.3 We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes our liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors; for fraud or fraudulent misrepresentation; and in cases of gross negligence and wilful misconduct.
12.4 Subject to the provisions of this clause 12, our total liability to you, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with a Contract shall be limited to (i) in cases of breach of confidentiality, data protection or intellectual property, the greater of €10,000 or the value of the Fee payable under the applicable Contract; or (ii) in any other case, the value of the Fee payable under the Contract.
12.5 Neither Party shall be liable to the other, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with these Terms or any Contract for any indirect or consequential loss, loss of profits or loss of sales or business.
12.6 Use of Couriers. In collecting your Equipment prior to the commencement of the Services, or in delivering the recovered Data and/or original Equipment, we outsource such service to nationally recognised courier companies. By agreeing to us using them for the Services, you agree that any loss or damage to the Equipment or Data shall be expressly subject to the terms and conditions provided by the applicable courier company, including limitations of liability and compensation limits. You hereby waive all right to bring any claim against Ontrack for any loss or damage to Data or Equipment arising from negligence and/or breach of contract by the courier company beyond any compensation scheme set out by them. Customer is entitled to request a policy of transport insurance. The costs of such insurance shall be borne in full by the Customer.
13.1 You shall indemnify us in full against and hold us harmless from all claims, costs, damages, liabilities, expenses (including without limitation legal expenses) demands and judgments awarded against or incurred or paid by us as a result of or in connection with any and all of your acts, inactions and/or omissions connected with the Contract and these Terms.
14 How we may use your personal data (consumer customer and business customer contact data)
14.1 We will use the personal data you provide to us to supply the Services to you and to process your payment for the Services. Providing your personal data is voluntary, however, Ontrack may be unable to provide the Services if you choose not to provide your personal data or withdraw consent at any time. We collect your personal data: (i) when you contact us via email, telephone or by any other means and (ii) in the ordinary course of our relationship with you when providing Services (including personal data we obtain in the course of administering your payments).
14.2 The purposes for which we process your personal data include: (i) to provide the Services and fulfil your Order; (ii) obtaining your views on our Services, and (iii) with the appropriate legal permission, direct marketing.
14.4 Without affecting any of your statutory rights, you shall at any time have the right to: (i) access and obtain information about the nature, processing or disclosure of your personal data; (ii) rectify your personal data; (iii) request, on legitimate grounds, erasure or restriction of processing of your personal data; (iv) object, on legitimate grounds, to the processing of your personal data; (v) request to have your personal data transferred to another controller; (vi) withdraw your consent to processing of personal data; and (vii) lodge complaints with the applicable Data Protection Authority.
15 How we process personal data (recovered data)
15.1 By agreeing to these Terms, in respect of any recovered Data, Customers are also agreeing to the storage and use of the personal data provided for Ontrack’s Services pursuant to the terms of our Data Processing Agreement, which is available https://www.ontrack.com/it-it/terms-and-conditions/data-recovery#dpa .
16 Confidential information
16.1 Each party agrees to not disclose any Confidential Information of the other party to any third party without the prior written authorisation of the party disclosing the Confidential Information and to: (i) use such Confidential Information only for the purposes of carrying out its obligations pursuant to this Agreement; (ii) use the same methods and degree of care to prevent disclosure of such Confidential Information as it uses to prevent disclosure of its own proprietary and Confidential Information but in no event less than reasonable care; and (iii) disclose Confidential Information to its employees and approved third parties, only on a need-to-know basis provided that all such persons are bound by duties of confidentiality no less onerous than are set out in this Agreement.
16.2 Confidentiality obligations shall not apply to any Confidential Information: (i) which enters the public domain through no fault of the recipient party; (ii) which was known to the recipient party prior to receipt from the other party; (iii) which is disclosed to the recipient party by a third party (other than employees or agents of either party) in circumstances that such disclosure is not in violation of any confidentiality obligation to the party disclosing the Confidential Information; or (iv) which is independently developed by the recipient party without recourse to Confidential Information.
17 Other important terms
17.1 This Contract is between you and us. No other person shall have any rights to enforce any of its terms. Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are unlawful and/or unenforceable, the remaining paragraphs will remain in full force and effect. If we delay in taking steps against you in respect of your breaking this contract, this will not prevent us taking steps against you at a later date.
17.2 We may change the Services to reflect changes in relevant laws and regulatory requirements and to implement minor technical adjustments and improvements, for example to address a security threat. These changes will not affect your use of the Services. In addition, we may make more material changes to these Terms or the Services, but if we do so we will notify you and you may then contact us to end the Contract before the changes take effect and receive a refund for any Services paid for but not received.
17.3 As well as any other rights you have under law or regulation, if you are resident in the European Union, you may have the option to submit complaints on the European Union’s Online Dispute Resolution platform (the “Platform”) which facilitates the settlement of disputes online. For more information, please visit the Platform on https://webgate.ec.europa.eu/odr/. Ontrack does not intend to use the Platform to settle disputes and you accept that Ontrack is under no obligation to use the Platform to settle any disputes.
17.4 These Terms are subject to Italian law with no regard to its conflict of law rules. For any dispute that may arise between the parties in relation to these Terms and the Services performed by Ontrack, the Court of Busto Arsizio (VA) shall have exclusive jurisdiction, or, in the event that you are a Consumer Customer and accept these Terms within the meaning of the Consumer Code (Legislative Decree 206/2005), the Court of residence or domicile elected by the Consumer Customer will prevail.
17.5 Specific approval of burdensome clauses
Pursuant to and to the effect of Arts. 1341 and 1342 of the Italian Civil Code, by signing the Order Form, I declare to have read, understood to specifically accept the following clauses of Ontrack Terms and Conditions: 4.2 – Order Process; 5.1, 5.3, 5.6, 5.7, 5.8, 5.9 – Our Services; 9 – Mutual Termination Rights; 10 – Customer Acknowledgements; 11.3 - Price and Payments; 12 – Our responsibility for loss or damage suffered by you; 16 – Confidential Information; 17.1, 17.4 – Other Important Terms.
MODEL CANCELLATION FORM
(Complete and return this form only if you wish to withdraw from the contract)
To [TRADER'S NAME, ADDRESS, TELEPHONE NUMBER AND, WHERE AVAILABLE, FAX NUMBER AND E-MAIL ADDRESS TO BE INSERTED BY THE TRADER]
I/We [*] hereby give notice that I/We [*] cancel my/our [*] contract of sale of the following goods [*]/for the supply of the following service [*],
Ordered on [*]/received on [*],
Name of consumer(s),
Address of consumer(s),
Signature of consumer(s) (only if this form is notified on paper),
[*] Delete as appropriate
Effective: 10 October 2019
Last update September 2020
Data Processing Agreement
This Data Processing Agreement applies to: (i) KLDiscovery Ontrack S.r.l. registered office at Via Marsala, 34/A - 21013 Gallarate (VA) – Italy, VAT and tax code 02389900131 (“Ontrack”); and (ii) the applicable Customer placing an order for Ontrack’s services pursuant to the applicable service terms of business (“Terms”).
The Parties have agreed that the terms of this Data Processing Agreement shall apply to the Processing of Personal Data (as defined below) that is required to enable Ontrack to provide the services to the applicable Customer.
In this Data Processing Agreement:
Protected Data means all Personal Data provided to Ontrack by the Customer;
Data Controller has the meaning given to that term (or to the term ‘controller’) in Data Protection Laws;
Data Processor has the meaning given to that term (or to the term ‘processor’) in Data Protection Laws;
Data Protection Laws means all applicable data protection law binding on the Customer, Ontrack and/or in relation to the services including: (i) the GDPR and/or any corresponding or equivalent national laws or regulations; and (ii) in member states of the European Union, all relevant laws or regulations giving effect to or corresponding with the GDPR.
Data Subject has the meaning given to that term in Data Protection Laws;
Data Subject Request means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;
GDPR means the General Data Protection Regulation (EU) 2016/679;
Personal Data has the meaning given to that term in Data Protection Laws;
Personal Data Breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Personal Data;
Personnel means any current, former or prospective employee, consultant, temporary worker, agency worker, intern, other non-permanent employee, contractor, secondee or other personnel;
Processing has the meaning given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);
Sub-Processor means another Data Processor engaged by Ontrack on behalf of the Client for carrying out Processing activities in respect of the Protected Data; and
Supervisory Authority means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible
for administering Data Protection Laws.
Data Processing provisions
1 Data Processor and Data Controller
1.1 The Parties agree that, in respect of Protected Data, the Customer shall be the Data Controller and Ontrack shall be the Data Processor. It is acknowledged that the Customer shall have sole responsibility for the accuracy, quality, integrity and reliability of any Protected Data and of the means by which it acquired such Protected Data.
1.2 The Customer warrants, represents and undertakes, that: (i) all Protected Data used in connection with the services pursuant to the Terms shall comply in all respects with Data Protection Laws; (ii) all instructions given by it to Ontrack in respect of Protected Data shall at all times be in accordance with Data Protection Laws; (iii) it has obtained all necessary consents from any Data Subject whose Personal Data is included within the Protected Data or otherwise has the appropriate legal permission to provide the Protected Data to Ontrack; and (iv) it will comply with the terms of this Data Processing Agreement.
1.3 Ontrack warrants, represents and undertakes, that it shall: (i) process the Protected Data only to the extent necessary in connection with the Terms; and (ii) process the Protected Data in accordance with the Customer’s documented
instructions and the requirements of Data Protection Laws; (iii) promptly inform the Customer if Ontrack considers that the Customer’s instructions infringe Data Protection Laws, or if Ontrack becomes unable to comply with Customer's instructions
regarding the Processing of Protected Data (whether as a result of a change in applicable law, or a change in Customer’s instructions); and (iv) comply with the terms of this Data Processing Agreement.
2 Instructions and details of Processing
2.1 The Processing of Protected Data to be carried out by Ontrack under this Data Processing Agreement shall comprise the Processing as required for Ontrack to provide the services.
3 Technical and organisational measures
3.1 Ontrack shall implement and maintain, at its cost and expense, appropriate technical and organisational measures in relation to the Processing and security of Protected Data in accordance with Data Protection Laws and in accordance
with Articles 32-34 of the GDPR in particular. Ontrack shall ensure that such technical and organisational measures are appropriate to the particular risks that are presented by its Processing activities, in particular to protect Protected Data
from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access.
4 Using Personnel and Sub-Processors
4.1 Save as set out in clause 4.2, Ontrack shall not engage any sub-processor for carrying out any processing activities in respect of the Client Data without the Client’s prior written authorisation. In the event that authorisation is provided, prior to making any disclosure to any approved sub-processor, Ontrack shall put in place written terms with the sub-processor which are equivalent to those set out in this Data Processing Agreement. It is acknowledged and accepted that, notwithstanding anything to the contrary in this Agreement, Ontrack shall remain fully liable to the Client for the performance of each sub-processor’s obligations. Ontrack shall inform the Client of any intended changes concerning the addition or replacement of such sub-processors and allow Client a reasonable opportunity to object, on reasonable grounds, to any such changes or replacements.
4.2 Approved sub-processors at the date of this Data Processing Agreement are set out at Annex 1.
4.3 Ontrack shall ensure the reliability of its Personnel who have access to Protected Data and ensure that they process it only where strictly necessary for the services, ensure that they are fully aware of the measures to be put in
place and the steps to be taken when Processing the Protected Data having regard to Data Protection Laws, and ensure that they have committed themselves to protect the confidentiality of the Protected Data including by way of an appropriate
obligation of confidentiality (whether by written contract or otherwise) in respect of the Protected Data .
5 Assistance with the Customer’s compliance and Data Subject rights
5.1 Ontrack shall promptly refer all Data Subject Requests it receives to the Customer. Ontrack shall provide such reasonable assistance as the Customer reasonably requires (taking into account the nature of Processing and the information
available to Ontrack) to the Customer in ensuring compliance with the Customer’s obligations under Data Protection Laws with respect to: (i) the security of Processing; (ii) data protection impact assessments (as such term is defined in Data
Protection Laws); (iii) prior consultation with a Supervisory Authority regarding high risk Processing; and (iv) notifications to the Supervisory Authority and/or communications to Data Subjects by the Customer in response to any Personal Data Breach,
provided that, in the event that such assistance is disproportionate in time and resources to Ontrack, Customer shall pay Ontrack’s fees for providing such assistance.
6 International data transfers
6.1 Personal Data is hosted and processed by Ontrack within the European Economic Area (“EEA”) and Ontrack shall not transfer any Personal Data outside the EEA without the Customer’s prior written approval.
7 Records, information and audit
7.1 Ontrack shall: (i) create; (ii) keep up-to-date; and (ii) maintain, full and accurate records relating to all Processing of Protected Data.
7.2 Ontrack shall grant to Customer the right of audit, no more than once per calendar year and on a minimum of 30 (thirty) days written notice, during normal business hours and subject to reasonable confidentiality undertakings being given, to access and take copies of such records relating to Processing of Protected Data and shall provide all reasonable assistance to Customer in exercising its audit rights. This audit right shall not extend to any third party data centre or other third party facility housing any server equipment where only visual and accompanied inspection is permitted.
7.3 Ontrack shall at Customer’s request and expense promptly provide Customer with all information necessary to enable Customer to demonstrate compliance with its obligations under the GDPR, to the extent that Ontrack is able to
provide such information.
8 Breach notification
8.1 In respect of any Personal Data Breach involving Protected Data, Ontrack shall, without undue delay: (i) notify the Customer of the Personal Data Breach; and (ii) provide the Customer with details of the Personal Data Breach.
9 Deletion or return of Personal Data and copies
9.1 Ontrack shall, at the Customer’s written request, either delete or return all the Protected Data to the Customer in such form as the Customer reasonably requests within a reasonable time after the earlier of: (i) the end of the provision of the relevant data recovery services pursuant to the Terms related to Processing; or (ii) once Processing by Ontrack of any Protected Data is no longer required for the purpose of Ontrack’s performance of its relevant obligations under this Data Processing Agreement, and delete existing copies (unless storage of any Protected Data is required by applicable law and, if so, Ontrack shall inform the Customer of any such requirement). Ontrack shall procure that its Sub-Processors shall undertake the same actions with regard to Protected Data.
9.2 In the event that Protected Data remains within Ontrack’s possession or control for any period longer than 12 (twelve) months without any active instructions from the Customer, Ontrack shall delete such Protected Data.
10.1 Each Party (the “Indemnifying Party”) shall indemnify and keep indemnified the other Party (the “Indemnified Party”) in respect of all claims, demands, actions, settlements, interest, charges, procedures,
expenses, losses and damages suffered or incurred by, awarded against or agreed to be paid by, the Indemnified Party arising from or in connection with the Indemnifying Party’s non-compliance with this Data Processing Agreement and/or breach
of Data Protection Laws.
11.1 The total liabilities of either Party under this Data Processing Agreement shall in no event exceed the contractual limits set out and agreed in the Terms.
12 Term and Termination
12.1 Unless terminated by agreement of the Parties, this Data Processing Agreement shall commence on the date an order is placed for services pursuant to the Terms and continue in force for so long as Ontrack continues to process Protected Data.
13 Choice of Law
13.1 This Data Processing Agreement shall be subject to the terms of the choice of law provision set out in the Terms.
Date: 1 October 2019
Annex 1 – Sub-Processors and Transfers
|Ontrack Product/Business System||Mandatory use of Sub-processor||Name of Sub-Processor||Location of Sub-Processor||Transfers outside EEA||Data|
|Contabilità (visibilità delle fatture)||Sì||MTEA||Italia||No||Nome, indirizzo, recapiti, codice fiscale, numero di partita I.V.A., modalità di pagamento|
|Fornitore di servizi Internet e telefonici||No||Fastweb||Italia||No||Numero di telefono, indirizzo IP|
|Supporto contatti clienti||No||Segretaria24||Germania/Italia||No||Nome, indirizzo e-mail, telefono|
|Sistema di Customer Management (interno)||Sì||Nobile (supporto tracking degli ordini)||Italia||No||Recapiti e storico|
1. Service Description
(a) Ontrack will recover as much data as possible from one or more damaged data carriers or shall attempt to make them readable again through appropriate measures.
(b) Data recovery is carried out in several possible stages:
i. The Freeval Evaluation - see section 2 below;
ii. Freeval Evaluation for smartphones and tablets – see section 3 below;
ii. The Diagnosis - as an option - see section 4 below;
iii. Data recovery - see sections 5, 6 and 7 below; and/or
vi. Remote data recovery – see section 8 below.
(c) Despite the greatest care and experience, however, it may not be possible to read deleted and/or damaged data even when using Ontrack’s tools and technologies. Therefore, Ontrack cannot guarantee that data on damaged media can be recovered, repaired or read.
(d) Additionally, even with using the highest technical and processing standards according to the state of the art, the processing operations necessary for data recovery include the risk of partial or complete loss of remaining data and/or partial recoverability of data on the damaged media. The customer acknowledges that there remains a risk that: (i) once existing data can no longer be recovered, additional data will be lost; (ii) recovered data can not be used by the customer; (iii) the information content embodied in the data carriers will be destroyed in whole or in part; and (iv) the data carriers, software and other items provided will be damaged, unusable or destroyed.
2 Freeval Evaluation
(a) The Freeval Evaluation consists of an investigation of the type and extent of the data damage as well as an investigation into the possibilities of data recovery on the data carrier. The first step is to determine whether the damage is logical and/or physical and whether the data carrier must be sent to the clean room laboratory for processing. In addition, an assessment of the expected data recovery result is given.
(b) The Freeval Evaluation can be performed in the laboratory of Ontrack or through a remote connection to the customers own systems using the Ontrack Remote Data Recovery (“RDR”) technology (see section 8).
(c) Ontrack will inform the customer after the Freeval Evaluation how successful the subsequent data recovery measure is expected to be. The following estimations of the expected data recovery result are possible:
i. Excellent - We expect that most (90-100%) of your raw data can be recovered and will be readable in the respective application.
ii. Good - We expect that a large part of your raw data (50-100%) can be recovered and will be readable in the respective application.
iii. Partial - We expect that a small part of your raw data (less than 50%) can be recovered and will be readable in the respective application.
iv. Unrecoverable - We cannot access the data on your data carrier.
v. Complex - We are not able to provide an accurate percentage of expected data at this stage. Other data recovery options must be explored.
(d) Freeval Evaluation cannot guarantee compliance with the % thresholds listed under section 2 (c) above as there may be damage which is difficult to detect at the outset and which cannot be completely detected by the Freeval Evaluation.
(e) Alongside the estimation of the data recovery, Ontrack will inform the customer how much time is expected to be required to perform the data recovery, together with the applicable price.
(f) At the customer's request, Ontrack may, after the Freeval Evaluation, carry out an extended Diagnosis, subject to a fee, with the creation of a Verifile File List, in which the amount of data that is expected to be recoverable can be determined more precisely (see section 4 below).
(g) If the customer, on the basis of the results of the Freeval Evaluation, places the order for data recovery, Ontrack will perform the data recovery (see section 5).
(h) The customer may decide not to perform the data recovery after the Freeval Evaluation in which case the order is complete. If so requested by the customer when the data recovery order is placed, the data carrier will be returned to the customer for the fee shown in the quotation form. Otherwise, the media will be destroyed.
(i) Depending on the type of media, the Freeval Evaluation may lead to the transfer of the data to another device and to the destruction of the original media.
3 Freeval Evaluation for smartphones and tablets
(a) The Freeval Evaluation consists of an investigation of the type and extent of the data damage as well as an investigation into the possibilities of data recovery on the data carrier. The first step is to determine whether the damage is logical and/or physical and whether the data carrier must be sent to the phone laboratory for processing. In addition, an assessment of the expected data recovery result is given.
(b) The Freeval Evaluation will be performed in the laboratory of Ontrack.
(c) Ontrack requires the customer to supply the passcode for the smartphone or tablet.
(d) Ontrack will inform the customer after the Freeval Evaluation how successful the subsequent data recovery measure is expected to be. The following estimations of the expected data recovery result are possible:
i. Good - We expect to get access to the memory area and recover the data.
ii. Unrecoverable - We are not able to access the memory area and recover any of your data.
iii. Complex - We are not able to provide an indication of whether we can get access to the memory area at this stage. Other data recovery options must be explored and this may require a Diagnosis (see section 4)
(e) Freeval Evaluation cannot guarantee compliance with the % thresholds listed under section 3 (d) above as there may be damage which is difficult to detect at the outset and which cannot be completely detected by the Freeval Evaluation.
(f) Alongside the estimation of the data recovery, Ontrack will inform the customer how much time is expected to be required to perform the data recovery, together with the applicable price.
(g) If the customer, on the basis of the results of the Freeval Evaluation, places the order for data recovery, Ontrack will perform the data recovery (see section 7).
(h) The customer may decide not to perform the data recovery after the Freeval Evaluation in which case the order is complete. If so requested by the customer when the data recovery order is placed, the data carrier will be returned to the customer for the fee shown in the quotation form. Otherwise, the (media) smartphone/tablet will be destroyed.
4 Diagnosis/result of diagnosis
(a) At the customer's request, Ontrack may perform a chargeable Diagnosis after the Freeval Evaluation to determine the amount of data that is likely to be recoverable.
i. In this Diagnosis the type and extent of the data damage, the exact determination of the possibilities of data recovery on the data carriers provided by the customer, and the quantity of the files/data that can probably be recovered shall be determined. Predictions about the readability of data due to other causes of damage are not always reliable or even possible and Ontrack does not offer any guarantee in this respect.
ii. Further, it is not possible to check the usability of the data in connection with the respective application program within the scope of this Diagnosis.
(b) The Diagnosis can be performed in the laboratory of Ontrack or it may be possible through a remote connection to the customers own systems (using the Ontrack RDR technology (see section 8)).
(c) After the Diagnosis, Ontrack will inform the customer which measures are necessary for data recovery, which data/files can be expected to be recovered, what time expenditure is expected to be necessary and the costs that will be incurred for data recovery.
(d) Depending on the type of media, the Diagnosis may lead to the transfer of the data to another media and to the destruction of the original media.
(e) Ontrack will create a detailed file list (Verifile) of the data/files that Ontrack expects to recover. The file list contains an identification of the files with respect to their expected usability:
i. Green - the data will most likely work/open in the respective application.
ii. Yellow - the data or files are partially corrupted - this may result in the files not being able to be opened and edited in the respective application. It is possible that the damaged files can be repaired but this is not part of the offered data recovery.
iii. Red - the data or files are damaged - this will probably result in the files not being able to be opened and edited in the respective application.
(e) There are special data loss scenarios in which the validity of the coloured statements in the file list (Verifile) is not given. If this is the case, it is indicated in writing in the Diagnosis result.
(f) If the customer decides on the basis of the file list to carry out the data recovery, section 6 below shall apply.
(g) If the customer decides not to carry out the data recovery based on the file list (Verifile) in which case, the order is complete. If so requested by the customer when the order for diagnosis is placed, the data carrier will be returned to the customer for the fee shown in the analysis form. Otherwise, the media will be destroyed.
5 Data recovery after Freeval Evaluation
(a) If the customer places an order for data recovery based on the results of the Freeval Evaluation and the data recovery offer, Ontrack will carry out the data recovery.
(b) If the Freeval Evaluation was performed remotely, the data recovery can be performed with the Ontrack RDR technology (see section 8).
(c) In addition to the separate data carrier with the recovered data, Ontrack shall return the damaged data carrier, if so requested by the customer when the order for data recovery is placed.
(d) At the customer's request, the damaged data carrier can be stored and securely sealed at Ontrack for a separate charge for the purpose of preserving evidence and stored in the safe.
(e) At the customer's request, Ontrack may delete and/or dispose of the data carrier in accordance with applicable regulations at no charge.
(f) If the amount of data recovered is considerably less than that estimated in the Freeval Evaluation, the order will be deemed unsuccessful.
(g) In circumstances specified in 5(f) above, the customer will have 2 options:
Option 1. Ontrack will create a detailed file list (Verifile) for the customer free of charge with the data/files that Ontrack expects to be able to recover. The file list contains an indication of the files in terms of their expected usability:
a. Green - the data will most likely work/open in the respective application.
b. Yellow- the data or files are partially corrupted - this may result in the files not being able to be opened and edited in the respective application. It may be possible to repair the damaged files, but Ontrack does not offer this.
c. Red - the data or files are corrupted - this will probably result in the files not being able to be opened and edited in the respective application.
The customer decides on the basis of the file list (Verifile) to carry out the data recovery as in section 2 above, in which case the Customer will receive the data shown in the file list (Verifile).
Option 2. The customer decides not to carry out the data recovery or request a file list (Verifile) in which case the order is complete. If so requested by the customer when the order for data recovery is placed, the data carrier will be returned to the customer for the fee shown in the quotation form. Otherwise, the media will be destroyed.
6 Data recovery after Diagnosis
(a) If the customer places an order for data recovery on the basis of the diagnostic results and the data recovery offer, Ontrack will carry out the data recovery. If the Diagnosis was performed remotely, the data recovery can be performed with the Ontrack RDR technology (see section 8).
(b) The customer receives the data presented in the file list (Verifile).
(c) In addition to the separate data carrier with the recovered data, Ontrack will return damaged data carrier, if so requested by the customer when the order for data recovery is placed.
(d) At the customer's request, the damaged data carrier can be stored and securely sealed at Ontrack and stored in the safe against separate invoicing for the purpose of preserving evidence.
(e) At the customer's request, Ontrack shall destroy the data carrier.
7 Data recovery after Freeval Evaluation for smartphones and tablets
(a) If the customer places an order for data recovery based on the results of the Freeval Evaluation and the data recovery offer, Ontrack will carry out the data recovery.
(b) U pon payment, Ontrack will return the recovered data along with the damaged smartphone/tablet.
(c) At the customer's request, Ontrack may delete and/or dispose of the smartphone/tablet in accordance with applicable regulations at no charge.
(d) If the amount of data recovered is considerably less than that estimated in the Freeval Analysis, the order will be deemed unsuccessful. The smartphone/tablet will be returned to the customer for the fee shown in the evaluation form. Otherwise, the smartphone/tablet will be destroyed.
8 RDR Remote Data Recovery Service
(a) RDR® is for Remote Data Recovery™ (“RDR”). RDR is a patented technology, allowing Ontrack’s engineers to perform a lab-quality data recovery directly on the Customer’s server, desktop or laptop through a modem or Internet connection. The only requirement is that the storage device is operational. Ontrack’s RDR consists of three main components:
(i) Communications client: The customer initiates a connection to an Ontrack RDR Server using the specially designed RDR Client software. The RDR Client works with commonly used Operating Systems. The drive(s) to be recovered do not need to be from a specific Operating System.
(ii) RDR servers: Locations around the world to facilitate connections.
(iii) RDR workstation: Used by Ontrack engineers to remote control our tools onto Customer’s machine and recover Customer’s valuable data.
(b) First, the customer downloads the appropriate RDR Client version and installs it on the server, desktop or laptop that will be used for the recovery. Next, the Ontrack Client software connects as an outgoing TCP/IP connection from the Customer’s location to the Ontrack server, creating a tunnel or point to point connection through the internet. Since the connection is likely to use a web connection, it can get through most firewalls without any additional configuration requirements.
Security of the data is paramount due to Ontrack’s proprietary communication protocol, encrypted packets and secure Ontrack facilities. RDR protects Customer data over an RDR connection four ways:
(i) Direct connection to the RDR server: The client software uses a direct TCP connection from the customer’s machine to the Ontrack RDR server. RDR does not use a 3rd party hosting product
(ii) Encryption: The communication link uses 256 bit encryption on all packets
(iii) Proprietary protocol: The RDR communication uses a proprietary protocol, not HTTP or any other common protocol that others would understand
(iv) No customer data is transferred over the connection: The RDR connection is only used by the Ontrack engineer to remote control the Ontrack utilities directly on the customer’s machine. Screen updates and keyboard packets are sent across the connection, but actual customer data files are not. Instead the Ontrack engineer is controlling tools to repair file system structures to make the data accessible to the customer.
(c) Once the connection is established, either the Freeval Evaluation will commence, or if a data recovery order is placed, the recovery service will commence.
9 Service Levels
(a) For the data recovery order, the customer can choose between the following service levels according to urgency:
(i) 24-hour emergency service
Processing will take place immediately upon receipt of the order, 24 hours a day. The processing time is around the clock until completion and delivery of the data.
(ii) Express Service
Processing will take place immediately upon receipt of the order from Monday to Saturday from 8.00 a.m. to 6.00 p.m. The processing time is usually 3 days.
(iii) Standard Service
The data carrier will be processed after receipt of the order from Monday to Friday between 9.00 a.m. and 5.00 p.m. The processing time is usually 7-10 working days.
(iv) Economy service
The data carrier will be processed after receipt of the order from Monday to Friday between 9.00 a.m. and 5.00 p.m. The processing time usually lasts 20 working days.
(v) Home Service
The data carrier will be processed after receipt of the order from Monday to Friday between 9.00 a.m. and 5.00 p.m. The processing time is usually 30 working days.