Jump to: Data Recovery Service | Data Processing Agreement
Data Recovery Service
These Terms and Conditions apply to any confirmed order for Data Recovery Services you (the “Customer“) order from Falcon Data Recovery
1 The Engagement
By confirming an order, Customer engages Falcon Data Recovery (directly or through its suppliers) to provide, with reasonable care and skill, the following services (each an “engagement”): inspecting and evaluating the problem reported by Customer; to the extent reasonably practical, identifying (if not already identified) the problem; and to the extent possible, retrieving the data; any other services requested by Customer and agreed by Falcon Data Recovery from time to time. Falcon Data Recovery will use reasonable endeavours to perform the Data Recovery Services within the timeframe agreed with the Customer or, if no timeframe is agreed, within a reasonable time. Please refer to our FAQs for further information.
Falcon Data Recovery will use any information contained in the data, media and/or equipment provided to Falcon Data Recovery by Customer (“Customer Information”) only for the purpose of fulfilling the engagement and, will otherwise, hold such Customer Information in the strictest confidence. Any Customer Information disclosed by Customer to Falcon Data Recovery as part of the engagement will remain the Customer’s (or relevant owner’s) sole property, and Falcon Data Recovery shall employ reasonable measures to prevent the unauthorised use of such Customer Information, which measures shall not be less than those measures employed by Falcon Data Recovery in protecting its own confidential information. Falcon Data Recovery will not disclose Customer Information except to employees or consultants reasonably requiring such information (and who have secrecy obligations to Falcon Data Recovery) and not to any other party except as required by law. Falcon Data Recovery will employ appropriate technical and organisational measures to safeguard any Customer Information, including personal data, and will act only on the instruction of the Customer with respect to such information. Falcon Data Recovery is part of a worldwide organisation and Customer hereby agrees to the transfer of Customer Information to Falcon Data Recovery affiliates and suppliers worldwide as needed for the sole purpose of performing the engagement.
Customer agrees to pay Falcon Data Recovery all sums due from time to time by Customer and as always previously notified by Falcon Data Recovery in writing which will typically comprise of charges for the services and back up media (if supplied by Falcon Data Recovery). Falcon Data Recovery may under some circumstances ask the Customer to pay for spares (see section 7). All such sums are due and payable in advance by bank transfer, credit or debit card. Customer understands and agrees that credit or debit card details will be processed by PayPal, our payment gateway provider, and will not be stored on Falcon Data Recovery’s systems.
4 The Falcon Data Recovery quality commitment
In this clause, Data means all user files (such as documents, photos, videos and music), but excludes system files such as software programmes and operating systems. For every engagement, Falcon Data Recovery will endeavour to recover 85% or more of the Customer’s Data in the same usable file format as had been previously held on Customer media prior to the data loss incident. In the event that Falcon Data Recovery ascertains that it will be unable to recover 85% or more of Customer’s Data and / or the files have suffered irreparable harm as a result of the data loss incident, then Falcon Data Recovery will communicate such findings to the Customer via email and will ask Customer whether it wishes Falcon Data Recovery to proceed with the recovery. If Customer communicates in writing (including email) that it wishes to proceed, the recovered Data will be sent on a new storage device to Customer by our courier and if requested the Customer’s original media; should Customer decide that it does not want to proceed then Falcon Data Recovery will issue a full refund. Such refund will be credited to Customer no later than 14 days from the day of communicating that Customer does not wish to proceed.
If consent is required of either party for performance of any aspect of the engagement, such consent will be effective if provided in writing (including by email), or verbally if such verbal authorisation if followed by written confirmation at the earliest possible opportunity, and/or email provided receipt of which is acknowledged by the receiving party.
6 Acknowledgment of Existing Condition
By confirming an Order, Customer acknowledges that the equipment/data/media may be damaged prior to Falcon Data Recovery’s receipt, and Customer further acknowledges that the efforts of Falcon Data Recovery to complete the engagement may result in the destruction of or further damage to the equipment/data/media. Falcon Data Recovery will take reasonable care but regrets that it will otherwise not assume responsibility for existing or additional damage that may occur to Customer’s equipment/data/media during Falcon Data Recovery’s efforts to complete the engagement.
7 Internal Hard Drives opened prior to receipt by Falcon Data Recovery
If a Customers internal Hard Disk Drive has been opened by themselves or a third party, for whatever reason prior to sending to Falcon Data Recovery, this may reduce the chance of Falcon Data Recovery achieving a successful recovery. In such instances Falcon Data Recovery would need to upgrade to the Genius service. We will always seek customer approval before upgrading any service.
8 No Other Terms
THESE TERMS SET OUT EVERYTHING THE PARTIES HAVE AGREED, EXCEPT AS EXPRESSLY SET OUT IN THESE TERMS AND SUBJECT ALWAYS TO THE LIMITATIONS BELOW. NOTWITHSTANDING THE FALCON DATA RECOVERY QUALITY COMMITMENT, FALCON DATA RECOVERY MAKES AND CUSTOMER RECEIVES NO EXPRESS REPRESENTATIONS. WARRANTIES OR CONDITIONS (IN ANY MATERIALS OR COMMUNICATION) IN RELATION TO: The standards or results of the service; or the standards, quality, merchantability or fitness for purpose of any goods furnished to the customer by Falcon Data Recovery as part of the services. ANY IMPLIED WARRANTY, CONDITION OR REPRESENTATION IS EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW.
9 Limitation of Liability
Falcon Data Recovery does not exclude or limit in any way any liability that cannot be restricted or excluded as a matter of law, and these Terms and Conditions are to be interpreted accordingly. If Falcon Data Recovery fails to take reasonable care in providing the Data Recovery Services, Falcon Data Recovery will use reasonable endeavours to correct its performance and repair any damage caused at no additional cost to the Customer. Alternatively, if it is not possible for Falcon Data Recovery to correct its performance, the Customer will be entitled to an appropriate reduction in the price payable for the Data Recovery Services. If any recovered data is furnished by Falcon Data Recovery to the Customer on a durable medium as part of the Data Recovery Services, such durable medium will be of satisfactory quality and reasonably fit for the purpose for which Falcon Data Recovery has provided such durable medium to the Customer, for a reasonable period following delivery of such durable medium to the Customer. If such durable medium does not conform to the standards set out in this section, Falcon Data Recovery ’s sole liability, and the Customer’s sole remedy, in respect of such non-conforming good is repair or replacement of the relevant durable medium at the sole cost of Falcon Data Recovery. However, it is the responsibility of the Customer to maintain a backup copy of any recovered data at all times. UNDER NO CIRCUMSTANCES WILL FALCON DATA RECOVERY ACCEPT ANY LIABILITY FOR ANY OF THE FOLLOWING WHATEVER THE CAUSE, SUBJECT TO TAKING REASONABLE SKILL AND CARE, LOSS OF OR DAMAGE TO DATA LOSS OF PROFITS, SALES, BUSINESS OR REVENUES ANY INDIRECT OR CONSEQUENTIAL LOSS, COST OR EXPENSE OF ANY NATURE WHATSOEVER Falcon Data Recovery’s total liability (in contract, negligence or otherwise) to Customer in connection with any Data Recovery Services shall in no event exceed the total sums payable under the relevant engagement by Customer to Falcon Data Recovery. Where Customer instructs its own shipping company for shipping of any Customer media to Falcon Data Recovery, then Falcon Data Recovery shall not assume any liability whatsoever in case the device/media suffers any damage and/or loss during shipping. Falcon Data Recovery recommends that Customer takes out insurance to cover any risks.
10 Customer’s Representation and Indemnification
Falcon Data Recovery is not liable to any third party for any loss such third party may suffer in connection with the Data Recovery Services, including but not limited to any damage to, or loss or disclosure of, any equipment, data (including any incidental data stored on any equipment) or media furnished to Falcon Data Recovery by the Customer in connection with the Data Recovery Services. Customer warrants and undertakes to Falcon Data Recovery that it is the owner of, and/or has the right to be in possession of, all equipment, data or media furnished to Falcon Data Recovery, that it has the full authority to engage Falcon Data Recovery to perform the Data Recovery Services for such equipment, data or media and that the collection, possession, processing and transfer of such equipment data or media as part of the Data Recovery Services is in compliance with data protection laws to which Customer is subject. The Customer further warrants and undertakes that it will only use the Data Recovery Services for its own use (being, where Customer is a consumer, personal domestic and private use and, where Customer is a business, for internal use by Customer’s business) and will not resell Falcon Data Recovery ’s services to any third party or pass off (or attempt to pass off) any of Falcon Data Recovery ’s services as its own. Customer will defend, at its expense, indemnify, and hold Falcon Data Recovery harmless against any damages or expenses that may occur (including reasonable legal fees), and pay any cost, damages, or attorneys’ fees awarded against Falcon Data Recovery resulting from Customer’s breach of this section.
11 Abandonment and disposal of equipment/data/media
If the Customer fails to provide Falcon Data Recovery with adequate instructions or payment for the return of any data, media, equipment or hardware (including but not limited to provision of an up-to-date address for delivery), Falcon Data Recovery will retain such items for ninety (90) days following a response deadline following which the items will be considered abandoned by the Customer and will be disposed of or destroyed (including all data or media containing data) in the sole discretion of Falcon Data Recovery.
12 Other Terms
13 Data Protection
Data Processing Agreement
The General Data Protection Regulation (GDPR) No. 2016/679 came into effect on 24 May 2016. Consequently, within the European Economic Area (EEA), a number of new obligations will be in force concerning the protection and processing of personal data.
Falcon Data Recovery
This Data Processing Agreement (“Agreement”) forms part of the Contract for Services (“Principal Agreement”) between:
- Falcon Data Recovery, Suite A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE, hereafter referred to as Falcon Data Recovery, Service Provider or Data Processor
- The Client or Data Controller who orders the data recovery service within an already existing main agreement, either:
- the data recovery service terms and conditions
- a specific contract or agreement
Together as the “Parties“.
A) The Client acts as a Data Controller.
B) The Client wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
D) The Parties wish to lay down their rights and obligations.
1 Processing of personal data
1.1 The processor must only act on the controller’s documented instructions, unless required by law to act without such instructions.
1.2 The processor must delete, anonymise or return all personal data to the controller (at the controller’s choice) at the end of the contract, and the processor must also delete or anonymise existing personal data unless the law requires its storage.
1.3 The processor must submit to audits and inspections. The processor must also give the controller whatever information it needs to ensure they are both meeting their Article 28 obligations.
1.4 The Processor must inform the Controller if the processing instructions infringe GDPR.
1.5 The Processor must help the Controller to comply with data subjects rights.
1.6 The Processor must cooperate with the relevant Data Protection Authorities in the event of an enquiry.
1.7 The Processor must keep records of all processing activities.
2 Duration of processing
2.1 The duration of processing will be from when the order is raised, until a period of 6 months after the order had been completed and returned to the client. Personal data may be kept on the processor’s system for a period of 6 months to allow for after service enquiries. After this period the processor will delete or anonymise the data.
3 Nature of processing
3.1 The Service Provider receives the Data Subject’s personal data when the client books the job on the Service Provider’s website or web portal, or on their behalf via telephone.
3.2 The data is then used in the processing of the order in execution of obligations derived from the principal agreement and this data processing agreement. The service provider is free to determine the means they use to process the personal data.
4 Type and categories of data processed
|Categories of Data Subjects||Data Subject|
|Personal Data||Client: Contact name, address, phone number, email address.|
Data Subject: Name, email address, phone number, email address.
|Processing of personal data||In order to make the communications opposable: processing of orders, entering in to contracts, complying with legal obligations, billing, processing of shipments.|
|Retention Period||Client: On going to allow the booking and processing of orders.|
Data subject: The duration of the order and in addition 6 months for follow up enquiries.
|Destruction||Client: On request.|
Data subject: Destroyed or anonymised after 6 months.
5 Obligations and rights
5.1 The Data Processor and Data Controller both keep a record of the processing operations carried out under their responsibility (article 30 paragraph 1 GDPR).
5.2 Both parties guarantee that the processing of personal data under their management is carried out in accordance with article 6 GDPR (Lawfulness of processing).
5.3 Both parties guarantee that the content, use and the contract for processing operations according to this Data Processing Agreement are not unlawful and will not violate any rights of Third Parties.
5.4 Both parties will each take the appropriate technical and organisational measures in order to secure personal data against loss or any form of unlawful Processing, in accordance with article 24 GDPR. These measures guarantee, keeping into account the state of technology and the costs and purposes (article 25 GDPR), an appropriate level of security, considering the risks the Processing and the nature of the Personal data that have to be protected entail. Parties must also ensure that third parties and/or personnel under their control are aware of the content of this Data Processing Agreement and that they are committed to complying with a processing agreement and/or confidentiality.
5.5 Both parties will inform the other Party without delay in case of a breach concerning personal data which may impact the processing operations of the latter Party. Parties will also act in good faith in order to prevent, track and report breaches concerning personal data (if legally obligated).
5.6 Parties will also take all reasonable commercial steps to mutually assist one another with the investigation, the limitation and the remedy of any breach concerning personal data.
6 Processor Personnel
6.1 The processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Client or data subject’s personal data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Client or data subject’s personal data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality
7.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the processor shall in relation to the Client or data subject’s personal data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
7.2 In assessing the appropriate level of security, the processor shall take account in particular of the risks that are presented by processing, in particular from a Personal Data Breach.
8.1 Processor shall not appoint (or disclose any client or data subject Personal Data to) any Sub-processor unless required or authorized by the client.
9 Data Subject Rights
9.1 Taking into account the nature of the processing, the processor shall assist the client by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client obligations, as reasonably understood by the client, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
9.2 Processor shall:
- promptly notify the client if it receives a request from a Data Subject under any Data Protection Law in respect of client or data subject Personal Data; and
- ensure that it does not respond to that request except on the documented instructions of the client or as required by Applicable Laws to which the processor is subject, in which case the processor shall to the extent permitted by Applicable Laws inform the client of that legal requirement before the Contracted Processor responds to the request
10 Personal Data Breach
10.1 The processor shall notify client without undue delay upon the processor becoming aware of a Personal Data Breach affecting the client or data subject Personal Data, providing client with sufficient information to allow the client to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
10.2 The processor shall co-operate with the client and take reasonable commercial steps as are directed by the client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
11 Data Protection Impact Assessment
11.1 The processor shall provide reasonable assistance to the Client with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the client reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Client or data subject Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
11.2 Deletion or return of Client and/or data subject Personal Data.
11.3 The Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of client and data subject Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those client and company personal data.
12 Audit Rights
12.1 The Processor shall make available to the client on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the client or an auditor mandated by the client in relation to the Processing of the client and data subject Personal Data by the Contracted Processors.
12.2 Information and audit rights of the client only arise under section 12.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
13 Data Transfer
13.1 The processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Company. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data
13.2 The Processor must comply with EU trans-border data transfer rules.
14 General Terms
14.1 Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
- disclosure is required by law;
- the relevant information is already in the public domain.
14.2 All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.
15 Governing Law and Jurisdiction
15.1 This Agreement is governed by English law.
15.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of England and Wales, subject to possible appeal to the High Court in London.
This Agreement is entered into with effect:
When a client submits an order and confirms agreement to our terms and conditions.
Means this Data Processing Agreement and all Schedules
Company Personal Data
Means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement
Means a Subprocessor
Data Protection Laws
Means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country
Means the European Economic Area
EU Data Protection Laws
Means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR
Means EU General Data Protection Regulation 2016/679
Data TransferA transfer of Company Personal Data from the Company to a Contracted Processor; or 2 an onward transfer of Company Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws)
Means the Data Recovery services the Company providesSubprocessorMeans any person appointed by or on behalf of Processor to process Personal Data on behalf of the Company in connection with the Agreement
The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority”
All have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly