Terms and conditions for Ontrack data recovery services

Updated: 1 June 2019

  1. These terms
    1. These terms and conditions ("Terms") govern the supply of Data Recovery Services to you by KLDiscovery Ontrack Limited, registered in England (Company Number 02669766) trading as “Ontrack”. Please read these Terms carefully before you submit your Order to us. These Terms tell you who we are, how we will provide the Services to you, how you and we may change or end the Contract, what to do if there is a problem and other important information.
  2. Contact details
    1. How to contact us. You can contact us by telephoning our customer service team on +44 (0)1372 741 999, by writing to us at Ontrack, Global House, 1 Ashley Avenue, Epsom, Surrey, KT18 5AD or ukinfo@ontrack.com, or by contacting one of our representatives on our 'Live Chat' platform available on our Website.
  3. Interpretation
    1. In these Terms the following definitions will apply:
      1. "Business Customer" means a customer acting for the purpose of their business, trade or profession including, without limitation, a sole trader, partnership, limited company or public authority;
      2. "Confidential Information" means all confidential information (however recorded or preserved) disclosed by either party to the other party in connection with the Services, including but not limited to your Data, our Data and any information that would be regarded as confidential by either party;
      3. "Consumer Customer" means a customer that is an individual who is not acting for the purposes of a business, trade or profession (excluding, for the avoidance of doubt, any Business Customer);
      4. "Contract" means as defined in Clause 4.4;
      5. "Data" means data in electronic form of any description, including 'personal data' as defined by the General Data Protection Regulation EU 2016/679 and/or the Data Protection Act 2018;
      6. "Equipment" means your Media and, if applicable, Mobile Phone;
      7. "Fee" means the fee payable by you for the Services, as set out in the relevant Quotation;
      8. "Media" means storage media such as hard-drives, USB drive, laptop, computer or other devices;
      9. "Mobile Phone" means any mobile telephone;
      10. "Order" means as defined in Clause 4.3;
      11. "Quotation" means as defined in Clause 4.1;
      12. "Service Descriptions" means the specific processes employed by Ontrack as more described in the Service Descriptions page which sets out, amongst other matters, service limitations, service levels and expectations;
      13. "Services" means the data recovery services to be provided by us to you, as described in Clauses 4 (Order Process) and 5 (Services) of these Terms; and
      14. "Website" means our website at https://www.ontrack.com/uk, or such other website as we use to operate our business from time to time.
  4. Order process
    1. For standard data recovery, following an initial telephone consultation, submission of an online form via our Website or email you will send us your Equipment for our evaluation. Thereafter, we shall provide the Services according to the Services Descriptions. We will use reasonable endeavours to: (a) examine the Equipment to determine: (i) what Data is accessible on the Equipment: (ii) the cause of any damage to the Equipment and/or the Data on the Equipment; (iii) the amount of Data (if any) likely to be recoverable on the Equipment; (iv) if you have submitted a broken Mobile Phone, whether a repair is possible to your Mobile Phone and what hardware, if any, needs to be repaired or replaced to restore any functionality to the Mobile Phone ("Free Evaluation"); (b) report the results of our Free Evaluation to you. We will provide you with a quotation setting out the scope of Services and applicable Fee ("Quotation").
    2. For other Services, such as remote data recovery (“RDR”) where you do not submit any Equipment to us, or degaussing, the Quotation shall consist of the work expected to be required by Ontrack to perform the Services.
    3. Following receipt of our Quotation, you may at your option either: (i) accept and sign the service request or statement of work to submit an order for our Services ("Order"); (ii) submit a request for us to return your Equipment (if applicable), the delivery cost of which you agree to pay; or (iii) submit a request for us to destroy your Equipment, in which case we will be permitted to immediately destroy your Equipment. If we do not receive an Order or request to return your Equipment within 90 (ninety) calendar days of the date of the Quotation, we will dispose of your Equipment in line with applicable law.
    4. Our acceptance of your Order will take place when we send you email confirmation of our acceptance, at which point a legally binding contract will come into existence between you and us, governed by these Terms ("Contract"). We will assign an order number to your Order. It will help us if you can tell us the order number whenever you contact us.
  5. Our services
    1. In consideration of your payment of the Fee, we will provide the Services in accordance with these Terms and with reasonable care and skill. Following an Order, we shall use reasonable endeavours to: (i) retrieve, replicate, reconstruct, provide access to, convert, recover and return any recovered Data to you on an encrypted hard-drive or USB stick (or other hard-drive provided by you); (ii) if required, repair the Mobile Phone; and (iii) carry out such other services that we have agreed to perform for you in writing, such as degaussing or RDR.
    2. Remote Data Recovery. Where you wish Ontrack to perform a data recovery for those occasions when submitting any Media is not required, Ontrack may be able to perform a remote data recovery. You must download and install the Ontrack RDR client software using the link provided by Ontrack. Once installed, the client allows the user to connect to Ontrack via an encrypted internet connection. The RDR connection is only used by Ontrack to control the Ontrack recovery tools directly on the Customer’s machine. Your Data will not be transferred to Ontrack during this process.
    3. Degaussing. Ontrack will place your Equipment into a degaussing unit which is a machine which effectively and securely scrambles the magnetic data held on the Equipment. Following the degaussing process, the Data is no longer readable and will have been securely destroyed.
    4. Mobile Phone Repair. The primary service we offer will be the recovery of the Data from the Mobile Phone and we do not offer a standalone Mobile Phone repair. Where a repair is possible, we will repair and restore functionality to the Mobile Phone so that you are able to use it in normal usage conditions.
    5. You will be informed of the estimated completion date of the Services during the Order process. The costs of returning the Equipment will be as set out on the relevant Quotation.
    6. For some Services, we may need certain information from you such as user names, passwords and/or access codes. If you do not provide this information within a reasonable time of our request, or if you provide incomplete or incorrect information, we may make an additional charge of a reasonable sum to compensate us for any extra work that is required as a result. We will not be responsible for supplying the Services late or not supplying any part of them if this is caused by you not giving us the information we need.
    7. We may have to suspend the supply of Services to: (i) deal with technical problems or make technical changes; (ii) update the Services to reflect changes in relevant laws and regulatory requirements; (iii) make changes to the Services as requested by you. We may also suspend supply of the Services if you do not pay.
    8. While we use approved original equipment manufacturer repairs, we offer no guarantee that the Services will be consistent with any warranty offered by the original equipment manufacturer. Our performance of the Services should, under no circumstances, be taken as a guarantee that the Services will be successful, that all or any of your Data is recoverable or will be useable, that the Mobile Phone will be capable of being used or that we will achieve any other particular result.
    9. Ontrack warrants that the RDR client software: (a) is free from program code or programming instructions intentionally designed to disrupt, disable, harm, interfere with or otherwise adversely affect computer programs, data files or operations; and (b) contains no other malicious or harmful code typically described as a virus or by similar terms, including trojan horse, worm or backdoor.
  6. Intellectual property rights
    1. Your Equipment and Data shall at all times remain your property, and we shall have no right, title or interest in or to them (except the right to possession and use of your Equipment and Data to perform the Services). We retain all right, title and interest in the provision of the Services, including any improvements or enhancements made to the Services.
  7. Rights to end a contract (consumer customers)
    1. This Clause 7 applies solely to our Contracts with Consumer Customers. Following an Order, you have a legal right to change your mind. These rights, under The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, are explained in more detail below.
    2. During the Free Evaluation, you can cancel at any time. If you place an Order, you can cancel within 14 (fourteen) days after the day we email you to confirm we accept your Order. However, once we have completed the Services, you cannot change your mind, even if the period is still running. By placing an Order, you expressly authorise us to commence the Services immediately. If you cancel after we have started the Services, you must pay us for the Services provided up until the time you tell us that you have changed your mind. We will tell you what this Fee will be following the cancellation request.
    3. To cancel the Order, you can do so through one of the following methods of communication by providing your Order number, name, address and cancellation request:
      1. Phone or email. Call customer services on +44 (0)1372 741 999 or email us at ukinfo@ontrack.com;
      2. By post. write to us at Ontrack, Global House, 1 Ashley Avenue, Epsom, Surrey, KT18 5AD; or
      3. By Cancellation Form: complete and send to us a cancellation form in the format of the Model Cancellation Form included as a Schedule to these Terms.
  8. Rights to end the contract (business customers)
    1. This Clause 8 applies solely to our Contracts with Business Customers. Following an Order, you shall not be able to terminate the Services unless set out in clause 9 below.
  9. Mutual termination rights
    1. Without affecting any other right or remedy available to either Party, each Party may terminate the Contract with immediate effect by giving written notice if:
      1. Either Party commits a material breach of any term of the Contract which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 7 (seven) days after being notified in writing to do so or repeatedly breach these Terms. A failure to pay the Fee shall constitute a material breach; or
      2. either Party ceases (or threatens to cease) to trade all or part of its business, has a liquidator, receiver or administrative receiver appointed to it or over any part of its undertaking or assets or passes a resolution for its winding up (otherwise than for the purpose of a bona fide scheme of solvent amalgamation or reconstruction where the resulting entity shall assume all of the liabilities of it) or a court of competent jurisdiction makes an administration order or liquidation order or similar order, or enters into any voluntary arrangement with its creditors, or is unable to pay its debts as they fall due, or, if an individual, becomes bankrupt.
    2. We may terminate the Contract if, by performing the Contract, we may breach applicable export and sanctions laws relating to dealings with certain companies and individuals set by the European Commission or other national authorities, including the United States.
    3. Following termination, you shall be responsible for all sums owing to us which shall become payable immediately.
  10. Customer acknowledgements
    1. You hereby acknowledge and warrant to us that: (i) you are legally capable of entering into binding contracts; (ii) you have full authority, power and capacity to agree to these Terms and if you are a Business Customer have the appropriate legal authority to conclude the Contract; (iii) all the information that you provide to us in connection with your Order is true, accurate, complete and not misleading; (iv) you are the owner of the Equipment and/or have the permission from the owner of the Equipment for us to perform the Services; (v) your supply of your Equipment and/or Data to us will not breach any obligations or rights of any third parties; (vi) your supply of your Equipment and/or Data to us will not breach any applicable law; (vii) you are legally permitted to grant access to the Data; (viii) your Equipment does not contain any material (including without limitation any Data) which may infringe the Intellectual Property Rights of any third party; and (ix) your Equipment does not contain any material which will breach applicable law. We reserve the right to request documentary evidence of your ownership or legal right to authorise the Services and to suspend or not commence the Services without receipt of such evidence.
    2. You hereby acknowledge that your Equipment and/or Data may already be damaged prior to our receipt of them, and that our efforts to complete the Services may result in the destruction of, or any further damage to, your Equipment and/or Data. We will take reasonable care in performing the Services, but will not, save as specified in Clause 12 of these Terms, bear any responsibility for existing or additional damage that may occur to your Equipment and/or Data during our performance of the Services.
  11. Price and payment
    1. The price of the Services will be the Fee as set out in the relevant Quotation. VAT shall be added at the statutory rate and, if applicable, is payable by the Customer.
    2. How you must pay. Unless you are a Business Customer, all payments must be by credit/debit card. Payment by any credit/debit card is subject to pre-authorisation. Ontrack will send an email approving authorisation for payment which must be successfully passed prior to Ontrack commencing the Services. If such authorisation is refused to us, we will not be liable for any delay or non-delivery of the Services and the Order may be deemed to be cancelled. Following completion, payment must be made to Ontrack before any recovered Data is returned. Business Customers must pay their invoice within the time stipulated, if credit terms are offered by Ontrack.
    3. If you fail to pay to us any amount due under these Terms we may retain the Equipment and Data until you make full payment. If you do not make full payment within 90 (ninety) calendar days of the due date we may, without liability or consulting you further, dispose of your Equipment and/or Data in line with applicable law. We will also charge interest to you on the overdue amount at the rate of 4% a year above the base lending rate of Barclays Bank plc from time to time. This interest will accrue on a daily basis from the due date until the date of actual payment of the overdue amount, whether before or after judgment.
  12. Our responsibility for loss or damage suffered by you
    1. We do not accept responsibility for any corruption of, or physical or other damage to, or destruction of your Equipment, your Data, or any other equipment that may occur, or invalidation of any warranties in respect of your Equipment or other equipment, either: prior to our receiving your Equipment, your Data, or other equipment; or in the course of our providing the Services where such damage, destruction, corruption or invalidation arises from our performing the Services in accordance these Terms.
    2. Whilst we will use reasonable endeavours to take care of your Equipment or Data whilst in our possession, we will not be responsible to you if any of your Equipment or Data is lost, destroyed, corrupted or otherwise damaged through fair wear and tear.
    3. We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes our liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors; for fraud or fraudulent misrepresentation; and for Consumer Customers, for breach of your legal rights in relation to the Services and for defective Services under the Consumer Protection Act 1987.
    4. Subject to the provisions of this clause 12, our total liability to you, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with a Contract shall be limited to (i) in cases of breach of confidentiality, data protection or intellectual property, the greater of £10,000 or the value of the Fee payable under the applicable Contract; or (ii) in any other case, the value of the Fee payable under the Contract.
    5. Neither Party shall be liable to the other, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with these Terms or any Contract for any indirect or consequential loss, loss of profits or loss of sales or business.
    6. Use of Couriers. In collecting your Equipment prior to the commencement of the Services, or in delivering the recovered Data and/or original Equipment, we outsource such service to nationally recognised courier companies. By agreeing to us using them for the Services, you agree that any loss or damage to the Equipment or Data shall be expressly subject to the terms and conditions provided by the applicable courier company, including limitations of liability and compensation limits. You hereby waive all right to bring any claim against Ontrack for any loss or damage to Data or Equipment arising from negligence and/or breach of contract by the courier company beyond any compensation scheme set out by them.
  13. Indemnity
    1. You shall indemnify us in full against and hold us harmless from all claims, costs, damages, liabilities, expenses (including without limitation legal expenses) demands and judgments awarded against or incurred or paid by us as a result of or in connection with any and all of your acts, inactions and/or omissions connected with the Contract and these Terms.
  14. How we may use your personal data (consumer customer and business customer contact data)
    1. We will use the personal data you provide to us to supply the Services to you and to process your payment for the Services. Providing your personal data is voluntary, however, Ontrack may be unable to provide the Services if you choose not to provide your personal data or withdraw consent at any time. We collect your personal data: (i) when you contact us via email, telephone or by any other means and (ii) in the ordinary course of our relationship with you when providing Services (including personal data we obtain in the course of administering your payments).
    2. The purposes for which we process your personal data include: (i) to provide the Services and fulfil your Order; (ii) obtaining your views on our Services, and (iii) with the appropriate legal permission, direct marketing.
    3. We may disclose your personal data to other entities of the KLDiscovery group (of which Ontrack forms part), a full list of which is provided in our Privacy Policy, and to (i) legal and regulatory authorities for the purposes of reporting any actual or suspected breach of applicable law or regulation; (ii) our accountants, auditors, lawyers and other outside professional advisors; (iii) third party Processors (such as payment services providers; shipping/courier companies; technology suppliers, processors who provide compliance services). The purpose of disclosure to other entities is to fulfil our contractual obligations towards you or for legitimate business purposes, in accordance with applicable law. We have implemented security measures described in our Privacy Policy and all entities are under an obligation to implement security measures ensuring a high level of protection.
    4. Without affecting any of your statutory rights, you shall at any time have the right to: (i) access and obtain information about the nature, processing or disclosure of your personal data; (ii) rectify your personal data; (iii) request, on legitimate grounds, erasure or restriction of processing of your personal data; (iv) object, on legitimate grounds, to the processing of your personal data; (v) request to have your personal data transferred to another controller; (vi) withdraw your consent to processing of personal data; and (vii) lodge complaints with the applicable Data Protection Authority.
    5. By agreeing to these Terms, you are also agreeing to the storage and use of your personal data pursuant to the terms of our Privacy Policy.
  15. How we process personal data (recovered data)
    1. By agreeing to these Terms, in respect of any recovered Data, our Customers are also agreeing to the storage and use of your personal data pursuant to the terms of our Data Processing Agreement.
  16. Confidential information
    1. Each party agrees to not disclose any Confidential Information of the other party to any third party without the prior written authorisation of the party disclosing the Confidential Information and to: (i) use such Confidential Information only for the purposes of carrying out its obligations pursuant to this Agreement; (ii) use the same methods and degree of care to prevent disclosure of such Confidential Information as it uses to prevent disclosure of its own proprietary and Confidential Information but in no event less than reasonable care; and (iii) disclose Confidential Information to its employees and approved third parties, only on a need-to-know basis provided that all such persons are bound by duties of confidentiality no less onerous than are set out in this Agreement.
    2. Confidentiality obligations shall not apply to any Confidential Information: (i) which enters the public domain through no fault of the recipient party; (ii) which was known to the recipient party prior to receipt from the other party; (iii) which is disclosed to the recipient party by a third party (other than employees or agents of either party) in circumstances that such disclosure is not in violation of any confidentiality obligation to the party disclosing the Confidential Information; or (iv) which is independently developed by the recipient party without recourse to Confidential Information.
  17. Other important terms
    1. This Contract is between you and us. No other person shall have any rights to enforce any of its terms. Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are unlawful and/or unenforceable, the remaining paragraphs will remain in full force and effect. If we delay in taking steps against you in respect of your breaking this contract, this will not prevent us taking steps against you at a later date.
    2. We may change the Services to reflect changes in relevant laws and regulatory requirements and to implement minor technical adjustments and improvements, for example to address a security threat. These changes will not affect your use of the Services. In addition, we may make more material changes to these Terms or the Services, but if we do so we will notify you and you may then contact us to end the Contract before the changes take effect and receive a refund for any Services paid for but not received.
    3. As well as any other rights you have under law or regulation, if you are resident in the European Union, you may have the option to submit complaints on the European Union’s Online Dispute Resolution platform (the “Platform”) which facilitates the settlement of disputes online. For more information, please visit the Platform on https://webgate.ec.europa.eu/odr/. Ontrack does not intend to use the Platform to settle disputes and you accept that Ontrack is under no obligation to use the Platform to settle any disputes.
    4. These terms are governed by English law and each Party may bring legal proceedings in the courts of England and Wales.

Schedule - Model cancellation form

(Complete and return this form only if you wish to withdraw from the contract)

To[TRADER'S NAME, ADDRESS, TELEPHONE NUMBER AND, WHERE AVAILABLE, FAX NUMBER AND E-MAIL ADDRESS TO BE INSERTED BY THE TRADER]
I/We* hereby give notice that I/We* cancel my/our* contract of sale of the following goods*/for the supply of the following service*,
Ordered on*/received on*,
Name of consumer(s),
Address of consumer(s),
Signature of consumer(s) (only if this form is notified on paper),
Date

*Delete as appropriate

Effective: 1 June 2019

Data Processing Agreement

Updated: 1 June 2019

This Data Processing Agreement applies to: (i) KLDiscovery Ontrack Limited (company number 02669766) having its registered office address at Global House, 1 Ashley Avenue, Epsom Surrey, KT18 5AD (“Ontrack”); and (ii) the applicable Customer placing an order for Ontrack’s services pursuant to the applicable service terms of business (“Terms”).

The Parties have agreed that the terms of this Data Processing Agreement shall apply to the Processing of Personal Data (as defined below) that is required to enable Ontrack to provide the services to the applicable Customer.

Definitions

In this Data Processing Agreement:

Protected Datameans all Personal Data provided to Ontrack by the Customer;
Data Controllerhas the meaning given to that term (or to the term ‘controller’) in Data Protection Laws;
Data Processorhas the meaning given to that term (or to the term ‘processor’) in Data Protection Laws;
Data Protection Lawsmeans all applicable data protection law binding on the Customer, Ontrack and/or in relation to the services including: (i) the GDPR and/or any corresponding or equivalent national laws or regulations; and (ii) in member states of the European Union, all relevant laws or regulations giving effect to or corresponding with the GDPR.
Data Subjecthas the meaning given to that term in Data Protection Laws;
Data Subject Requestmeans a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;
GDPRmeans the General Data Protection Regulation (EU) 2016/679;
Personal Datahas the meaning given to that term in Data Protection Laws;
Personal Data Breachmeans any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Personal Data;
Personnelmeans any current, former or prospective employee, consultant, temporary worker, agency worker, intern, other non-permanent employee, contractor, secondee or other personnel;
Processinghas the meaning given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);
Sub-Processormeans another Data Processor engaged by Ontrack on behalf of the Client for carrying out Processing activities in respect of the Protected Data; and
Supervisory Authoritymeans any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws.

Data Processing provisions

  1. Data Processor and Data Controller
    1. The Parties agree that, in respect of Protected Data, the Customer shall be the Data Controller and Ontrack shall be the Data Processor. It is acknowledged that the Customer shall have sole responsibility for the accuracy, quality, integrity and reliability of any Protected Data and of the means by which it acquired such Protected Data.
    2. The Customer warrants, represents and undertakes, that: (i) all Protected Data used in connection with the services pursuant to the Terms shall comply in all respects with Data Protection Laws; (ii) all instructions given by it to Ontrack in respect of Protected Data shall at all times be in accordance with Data Protection Laws; (iii) it has obtained all necessary consents from any Data Subject whose Personal Data is included within the Protected Data or otherwise has the appropriate legal permission to provide the Protected Data to Ontrack; and (iv) it will comply with the terms of this Data Processing Agreement.
    3. Ontrack warrants, represents and undertakes, that it shall: (i) process the Protected Data only to the extent necessary in connection with the Terms; and (ii) process the Protected Data in accordance with the Customer’s documented instructions and the requirements of Data Protection Laws; (iii) promptly inform the Customer if Ontrack considers that the Customer’s instructions infringe Data Protection Laws, or if Ontrack becomes unable to comply with Customer's instructions regarding the Processing of Protected Data (whether as a result of a change in applicable law, or a change in Customer’s instructions); and (iv) comply with the terms of this Data Processing Agreement.
  2. Instructions and details of Processing
    1. The Processing of Protected Data to be carried out by Ontrack under this Data Processing Agreement shall comprise the Processing as required for Ontrack to provide the services..
  3. Technical and organisational measures
    1. Ontrack shall implement and maintain, at its cost and expense, appropriate technical and organisational measures in relation to the Processing and security of Protected Data in accordance with Data Protection Laws and in accordance with Articles 32-34 of the GDPR in particular.  Ontrack shall ensure that such technical and organisational measures are appropriate to the particular risks that are presented by its Processing activities, in particular to protect Protected Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access.
  4. Using Personnel and Sub-Processors
    1. Save as set out in clause 4.2, Ontrack shall not engage any sub-processor for carrying out any processing activities in respect of the Client Data without the Client’s prior written authorisation. In the event that authorisation is provided, prior to making any disclosure to any approved sub-processor, Ontrack shall put in place written terms with the sub-processor which are equivalent to those set out in this Data Processing Agreement. It is acknowledged and accepted that, notwithstanding anything to the contrary in this Agreement, Ontrack shall remain fully liable to the Client for the performance of each sub-processor’s obligations. Ontrack shall inform the Client of any intended changes concerning the addition or replacement of such sub-processors and allow Client a reasonable opportunity to object, on reasonable grounds, to any such changes or replacements.
    2. Approved sub-processors at the date of this Data Processing Agreement are set out at Annex 1.
    3. Ontrack shall ensure the reliability of its Personnel who have access to Protected Data and ensure that they process it only where strictly necessary for the services, ensure that they are fully aware of the measures to be put in place and the steps to be taken when Processing the Protected Data having regard to Data Protection Laws, and ensure that they have committed themselves to protect the confidentiality of the Protected Data including by way of an appropriate obligation of confidentiality (whether by written contract or otherwise) in respect of the Protected Data.
  5. Assistance with the Customer’s compliance and Data Subject rights
    1. Ontrack shall promptly refer all Data Subject Requests it receives to the Customer. Ontrack shall provide such reasonable assistance as the Customer reasonably requires (taking into account the nature of Processing and the information available to Ontrack) to the Customer in ensuring compliance with the Customer’s obligations under Data Protection Laws with respect to: (i) the security of Processing; (ii) data protection impact assessments (as such term is defined in Data Protection Laws); (iii) prior consultation with a Supervisory Authority regarding high risk Processing; and (iv) notifications to the Supervisory Authority and/or communications to Data Subjects by the Customer in response to any Personal Data Breach, provided that, in the event that such assistance is disproportionate in time and resources to Ontrack, Customer shall pay Ontrack’s fees for providing such assistance.
  6. International data transfers
    1. In general, Protected Data is hosted and processed by Ontrack within the European Economic Area (“EEA”).  Notwithstanding this, Ontrack is part of a corporate group that has been accredited by the US Chamber of Commerce under the EU-US and Swiss-US Privacy Shield frameworks.  Accordingly, from time to time, Ontrack may require the transfer of Protected Data outside the EEA in order for Ontrack to effectively provide the services, for example if a specialised service is required.  Such transfers shall be performed in accordance with the requirements of all applicable laws and regulations. Customer acknowledges and agrees to such transfers.
  7. Records, information and audit
    1. Ontrack shall: (i) create; (ii) keep up-to-date; and (ii) maintain, full and accurate records relating to all Processing of Protected Data.
    2. Ontrack shall grant to Customer the right of audit, no more than once per calendar year and on a minimum of 30 (thirty) days written notice, during normal business hours and subject to reasonable confidentiality undertakings being given, to access and take copies of such records relating to Processing of Protected Data and shall provide all reasonable assistance to Customer in exercising its audit rights.  This audit right shall not extend to any third party data centre or other third party facility housing any server equipment where only visual and accompanied inspection is permitted.
    3. Ontrack shall at Customer’s request and expense promptly provide Customer with all information necessary to enable Customer to demonstrate compliance with its obligations under the GDPR, to the extent that Ontrack is able to provide such information.
  8. Breach notification
    1. In respect of any Personal Data Breach involving Protected Data , Ontrack shall, without undue delay: (i) notify the Customer of the Personal Data Breach; and (ii) provide the Customer with details of the Personal Data Breach.
  9. Deletion or return of Personal Data and copies
    1. Ontrack shall, at the Customer’s written request, either delete or return all the Protected Data  to the Customer in such form as the Customer reasonably requests within a reasonable time after the earlier of: (i) the end of the provision of the relevant data recovery services pursuant to the Terms related to Processing; or (ii) once Processing by Ontrack of any Protected Data  is no longer required for the purpose of Ontrack’s performance of its relevant obligations under this Data Processing Agreement, and delete existing copies (unless storage of any Protected Data  is required by applicable law and, if so, Ontrack shall inform the Customer of any such requirement).  Ontrack shall procure that its Sub-Processors shall undertake the same actions with regard to Protected Data.
    2. In the event that Protected Data remains within Ontrack’s possession or control for any period longer than 12 (twelve) months without any active instructions from the Customer, Ontrack shall delete such Protected Data.
  10. Indemnity
    1. Each Party (the “Indemnifying Party”) shall indemnify and keep indemnified the other Party (the “Indemnified Party”) in respect of all claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages suffered or incurred by, awarded against or agreed to be paid by, the Indemnified Party arising from or in connection with the Indemnifying Party’s non-compliance with this Data Processing Agreement and/or breach of Data Protection Laws.
  11. Liability
    1. The total liabilities of either Party under this Data Processing Agreement shall in no event exceed the contractual limits set out and agreed in the Terms.
  12. Term and Termination
    1. Unless terminated by agreement of the Parties, this Data Processing Agreement shall commence on the date an order is placed for services pursuant to the Terms and continue in force for so long as Ontrack continues to process Protected Data.
  13. Choice of Law
    1. This Data Processing Agreement shall be subject to the terms of the choice of law provision set out in the Terms.

Date: 1 June 2019

Annex 1 – Sub-Processors and Transfers

Ontrack Product/Business SystemMandatory use of Sub-processorName of Sub-ProcessorLocation of Sub-ProcessorTransfers outside EEAData
Courier servicesNoDHLUKNoOriginal client media, encrypted hard-drive for data return
Courier servicesNoGuardianUKNoOriginal client media, encrypted hard-drive for data return
Customer Management systems (internal)YesNobile (support VISMA system)NorwayNoClient contact data and work history
Out of hours callsNoMessage DirectUKNoCustomer name, contact details, data recovery requirements
Call trackingYesInfinityUKNoCustomer IP address, name, user statistics

Ontrack Data Recovery Services Description

Updated: 1 June 2019

  1. Service Description
    1. Ontrack will recover as much data as possible from one or more damaged data carriers or shall attempt to make them readable again through appropriate measures.
    2. Data recovery is carried out in several possible stages:
      1. The Freeval Evaluation - see section 2 below;
      2. Freeval Evaluation for smartphones and tablets – see section 3 below;
      3. The Diagnosis - as an option - see section 4 below;
      4. Data recovery - see sections 5, 6 and 7 below; and/or
      5. Remote data recovery – see section 8 below.
    3. Despite the greatest care and experience, however, it may not be possible to read deleted and/or damaged data even when using Ontrack’s tools and technologies. Therefore, Ontrack cannot guarantee that data on damaged media can be recovered, repaired or read.
    4. Additionally, even with using the highest technical and processing standards according to the state of the art, the processing operations necessary for data recovery include the risk of partial or complete loss of remaining data and/or the only partial recoverability of data on the damaged media. The customer acknowledges that there remains a risk that: (i) once existing data can no longer be recovered, additional data will be lost; (ii) recovered data can not be used by the customer; (iii) the information content embodied in the data carriers will be destroyed in whole or in part; and (iv) the data carriers, software and other items provided will be damaged, unusable or destroyed.
  2. Freeval Evaluation
    1. The Freeval Evaluation consists of an investigation of the type and extent of the data damage as well as an investigation into the possibilities of data recovery on the data carrier. The first step is to determine whether the damage is logical and/or physical and whether the data carrier must be sent to the clean room laboratory for processing. In addition, an assessment of the expected data recovery result is given.
    2. The Freeval Evaluation can be performed in the laboratory of Ontrack or through a remote connection to the customers own systems using the Ontrack Remote Data Recovery (“RDR”) technology (see section 8).
    3. Ontrack will inform the customer after the Freeval Evaluation how successful the subsequent data recovery measure is expected to be. The following estimations of the expected data recovery result are possible:
      1. Excellent - We expect that most (90-100%) of your raw data can be recovered and will be readable in the respective application.
      2. Good - We expect that a large part of your raw data (50-100%) can be recovered and will be readable in the respective application.
      3. Partial - We expect that a small part of your raw data (less than 50%) can be recovered and will be readable in the respective application.
      4. Unrecoverable - We cannot access the data on your data carrier.
      5. Complex - We are not able to provide an accurate percentage of expected data at this stage. Other data recovery options must be explored.
    4. Freeval Evaluation cannot guarantee compliance with the % thresholds listed under section 2 (3) above as there may be damage which is difficult to detect and which cannot be completely detected by the Freeval Evaluation.
    5. Alongside the estimation of the data recovery, Ontrack will inform the customer how much time is expected to be required to perform the data recovery, together with the applicable price.
    6. At the Customer's request, Ontrack may, after the Freeval Evaluation, carry out an extended Diagnosis, subject to a fee, with the creation of a Verifile File List, in which the amount of data that is expected to be recoverable can be determined more precisely.
    7. If the customer, on the basis of the results of the Freeval Evaluation, places the order for data recovery, Ontrack will perform the data recovery (see section 5).
    8. The customer may decide not to perform the data recovery after the Freeval Evaluation in which case the order is complete. If so requested by the customer when the data recovery order is placed, the data carrier will be returned to the customer for the fee shown in the quotation form. Otherwise, the media will be destroyed.
    9. Depending on the type of media, the Freeval Evaluation may lead to the transfer of the data to another medium and to the destruction of the original media.
  3. Freeval Evaluation for smartphones and tablets
    1. The Freeval Evaluation consists of an investigation of the type and extent of the data damage as well as an investigation into the possibilities of data recovery on the data carrier. The first step is to determine whether the damage is logical and/or physical and whether the data carrier must be sent to the phone laboratory for processing. In addition, an assessment of the expected data recovery result is given.
    2. The Freeval Evaluation will be performed in the laboratory of Ontrack.
    3. Ontrack requires the customer to supply the passcode for the smartphone or tablet.
    4. Ontrack will inform the customer after the Freeval Evaluation how successful the subsequent data recovery measure is expected to be. The following estimations of the expected data recovery result are possible:
      1. Good - We expect to get access to the memory area and recover the data.
      2. Unrecoverable - We are not able to access the memory area and recover any of your data.
      3. Complex - We are not able to provide an indication of whether we can get access to the memory area at this stage. Other data recovery options must be explored and this may require a diagnosis (see section 4)
    5. Freeval Evaluation cannot guarantee compliance with the expected data recovery assessment section 3 (4) above as there may be damage which is difficult to detect and which cannot be completely detected by the Freeval Evaluation.
    6. Alongside the estimation of the data recovery, Ontrack will inform the customer how much time is expected to be required to perform the data recovery, together with the applicable price.
    7. If the customer, on the basis of the results of the Freeval Evaluation, places the order for data recovery, Ontrack will perform the data recovery (see section 5).
    8. The customer may decide not to perform the data recovery after the Freeval Evaluation in which case the order is complete. If so requested by the customer when the data recovery order is placed, the data carrier will be returned to the customer for the fee shown in the quotation form. Otherwise, the (media) smartphone/tablet will be destroyed.
  4. Diagnosis/result of diagnosis
    1. At the customer's request, Ontrack may perform a chargeable diagnosis after the Freeval Evaluation to determine the amount of data that is likely to be recoverable.
      1. In this Diagnosis the type and extent of the data damage, the exact determination of the possibilities of data recovery on the data carriers provided by the customer, and the quantity of the files/data that can probably be recovered shall be determined. Predictions about the readability of data due to other causes of damage are not always reliable or even possible and Ontrack does not offer any guarantee in this respect.
      2. Further, it is not possible to check the usability of the data in connection with the respective application program within the scope of this Diagnosis.
    2. The Diagnosis can be performed in the laboratory of Ontrack or it may be possible through a remote connection to the customers own systems (using the Ontrack RDR technology (see section 8)).
    3. After the Diagnosis, Ontrack will inform the customer which measures are necessary for data recovery, which data/files can be expected to be recovered, what time expenditure is expected to be necessary and the costs that will be incurred for data recovery.
    4. Depending on the type of media, the Diagnosis may lead to the transfer of the data to another media and to the destruction of the original media.
    5. Ontrack will create a detailed file list (Verifile) of the data/files that Ontrack expects to recover. The file list contains an identification of the files with respect to their expected usability:
      1. Green - the data will most likely work/open in the respective application.
      2. Yellow - the data or files are partially corrupted - this may result in the files not being able to be opened and edited in the respective application. It is possible that the damaged files can be repaired but this is not part of the offered data recovery.
      3. Red - the data or files are damaged - this will probably result in the files not being able to be opened and edited in the respective application.
    6. There are special data loss scenarios in which the validity of the coloured statements in the file list (Verifile) is not given. If this is the case, it is indicated in writing in the Diagnosis result.
    7. If the customer decides on the basis of the file list to carry out the data recovery, section 5 below shall apply.
    8. If the customer decides not to carry out the data recovery based on the file list (Verifile) in which case, the order is complete. If so requested by the customer when the order for diagnosis is placed, the data carrier will be returned to the customer for the fee shown in the analysis form. Otherwise, the media will be destroyed.
  5. Data recovery after Freeval Evaluation
    1. If the customer places an order for data recovery based on the results of the Freeval Evaluation and the data recovery offer, Ontrack will carry out the data recovery.
    2. If the Freeval Evaluation was performed remotely, the data recovery can be performed with the Ontrack RDR technology (see section 8).
    3. In addition to the separate data carrier with the recovered data, Ontrack shall return the damaged data carrier, if so requested by the customer when the order for data recovery is placed.
    4. At the customer's request, the damaged data carrier can be stored and securely sealed at Ontrack for a separate charge for the purpose of preserving evidence and stored in the safe.
    5. At the customer's request, Ontrack may delete and/or dispose of the data carrier in accordance with data protection regulations at no charge.
    6. If the amount of data recovered is considerably less than that estimated in the Freeval Evaluation, the order will be deemed unsuccessful.
    7. In circumstances specified in 5(6) above, the customer will have 2 options:

      Option 1. Ontrack will create a detailed file list (Verifile) for the customer free of charge with the data/files that Ontrack expects to be able to recover. The file list contains an indication of the files in terms of their expected usability:
      1. Green - the data will most likely work/open in the respective application.
      2. Yellow - the data or files are partially corrupted - this may result in the files not being able to be opened and edited in the respective application. It may be possible to repair the damaged files, but Ontrack does not offer this.
      3. Red - the data or files are corrupted - this will probably result in the files not being able to be opened and edited in the respective application.
      Option 2. The customer decides not to carry out the data recovery or request a file list (Verifile) in which case the order is complete. If so requested by the customer when the order for data recovery is placed, the data carrier will be returned to the customer for the fee shown in the quotation form. Otherwise, the media will be destroyed.
  6. Data recovery after Diagnosis
    1. If the customer places an order for data recovery on the basis of the diagnostic results and the data recovery offer, Ontrack will carry out the data recovery. In case the Diagnosis was performed remotely, the data recovery can be performed with the Ontrack RDR technology (see section 8).
    2. The customer receives the data presented in the file list (Verifile).
    3. In addition to the separate data carrier with the recovered data, Ontrack will return damaged data carrier, if so requested by the customer when the order for data recovery is placed.
    4. At the customer's request, the damaged data carrier can be stored and securely sealed at Ontrack and stored in the safe against separate invoicing for the purpose of preserving evidence.
    5. At the customer's request, Ontrack shall destroy the data carrier.
  7. Data recovery after Freeval Evaluation for smartphones and tablets
    1. If the customer places an order for data recovery based on the results of the Freeval Evaluation and the data recovery offer, Ontrack will carry out the data recovery.
    2. Upon payment, Ontrack will return the recovered data along with the damaged smartphone/tablet.
    3. At the customer's request, Ontrack may delete and/or dispose of the smartphone/tablet in accordance with data protection regulations at no charge.
    4. If the amount of data recovered is considerably less than that estimated in the Freeval Analysis, the order will be deemed unsuccessful. The smartphone/tablet will be returned to the customer for the fee shown in the evaluation form. Otherwise, the smartphone/tablet will be destroyed.
  8. RDR Remote Data Recovery Service
    1. RDR® is for Remote Data Recovery™ (“RDR”). RDR is a patented technology, allowing Ontrack’s engineers to perform a lab-quality data recovery directly on the Customer’s server, desktop or laptop through a modem or Internet connection. The only requirement is that the storage device is operational. Ontrack’s RDR consists of three main components:
      1. Communications client: The customer initiates a connection to an Ontrack RDR Server using the specially designed RDR Client software. The RDR Client works with commonly used Operating Systems. The drive(s) to be recovered do not need to be from a specific Operating System.
      2. RDR servers: Locations around the world to facilitate connections.
      3. RDR workstation: Used by Ontrack engineers to remote control our tools onto Customer’s machine and recover Customer’s valuable data.
    2. First, the customer downloads the appropriate RDR Client version and installs it on the server, desktop or laptop that will be used for the recovery. Next, the Ontrack Client software connects as an outgoing TCP/IP connection from the Customer’s location to the Ontrack server, creating a tunnel or point to point connection through the internet. Since the connection is likely to use a web connection, it can get through most firewalls without any additional configuration requirements.

      Security of the data is paramount due to Ontrack’s proprietary communication protocol, encrypted packets and secure Ontrack facilities. RDR protects Customer data over an RDR connection four ways:
      1. Direct connection to the RDR server: The client software uses a direct TCP connection from the customer’s machine to the Ontrack RDR server. RDR does not use a 3rd party hosting product
      2. Encryption: The communication link uses 256 bit encryption on all packets
      3. Proprietary protocol: The RDR communication uses a proprietary protocol, not HTTP or any other common protocol that others would understand
      4. No customer data is transferred over the connection: The RDR connection is only used by the Ontrack engineer to remote control the Ontrack utilities directly on the customer’s machine. Screen updates and keyboard packets are sent across the connection, but actual customer data files are not. Instead the Ontrack engineer is controlling tools to repair file system structures to make the data accessible to the customer.
    3. Once the connection is established, either the Freeval Evaluation, or if a data recovery order is made, the recovery service will commence.
  9. Service Levels
    1. For the data recovery order, the customer can choose between the following service levels according to urgency:
      1. 24-hour emergency service - Processing will take place immediately upon receipt of the order, 24 hours a day. The processing time is around the clock until completion and delivery of the data
      2. Express Service - Processing will take place immediately upon receipt of the order from Monday to Saturday from 8.00 a.m. to 6.00 p.m. The processing time is usually 3 days.
      3. Standard Service - The data carrier will be processed after receipt of the order from Monday to Friday between 9.00 a.m. and 5.00 p.m. The processing time is usually 7-10 working days.
      4. Economy service - The data carrier will be processed after receipt of the order from Monday to Friday between 9.00 a.m. and 5.00 p.m. The processing time usually lasts 20 working days.
      5. Home Service - The data carrier will be processed after receipt of the order from Monday to Friday between 9.00 a.m. and 5.00 p.m. The processing time is usually 30 working days.