Data Recovery Service Terms and Conditions

Data Recovery Service

These Terms and Conditions apply to any confirmed order for Data Recovery Services you (the “Customer“) order from Lazarus Data Recovery

1 The Engagement

By confirming an order, Customer engages Lazarus (directly or through its suppliers) to provide, with reasonable care and skill, the following services (each an “engagement”): inspecting and evaluating the problem reported by Customer; to the extent reasonably practical, identifying (if not already identified) the problem; and to the extent possible, retrieving the data; any other services requested by Customer and agreed by Lazarus from time to time. Lazarus will use reasonable endeavours to perform the Data Recovery Services within the timeframe agreed with the Customer or, if no timeframe is agreed, within a reasonable time. Please refer to our FAQs for further information.

2 Confidentiality

Lazarus will use any information contained in the data, media and/or equipment provided to Lazarus by Customer (“Customer Information”) only for the purpose of fulfilling the engagement and, will otherwise, hold such Customer Information in the strictest confidence. Any Customer Information disclosed by Customer to Lazarus as part of the engagement will remain the Customer’s (or relevant owner’s) sole property, and Lazarus shall employ reasonable measures to prevent the unauthorised use of such Customer Information, which measures shall not be less than those measures employed by Lazarus in protecting its own confidential information. Lazarus will not disclose Customer Information except to employees or consultants reasonably requiring such information (and who have secrecy obligations to Lazarus ) and not to any other party except as required by law. Lazarus will employ appropriate technical and organisational measures to safeguard any Customer Information, including personal data, and will act only on the instruction of the Customer with respect to such information. Lazarus is part of a worldwide organisation and Customer hereby agrees to the transfer of Customer Information to Lazarus affiliates and suppliers worldwide as needed for the sole purpose of performing the engagement.

3 Payment

Customer agrees to pay Lazarus all sums due from time to time by Customer and as always previously notified by Lazarus in writing which will typically comprise of charges for the services and back up media (if supplied by Lazarus). Lazarus may under some circumstances ask the Customer to pay for spares (see section 7). All such sums are due and payable in advance by PayPal account, credit or debit card. Customer understands and agrees that credit or debit card details will be processed by PayPal, our payment gateway provider, and will not be stored on Lazarus’s systems.

4 The Lazarus quality commitment

In this clause, Data means all user files (such as documents, photos, videos and music), but excludes system files such as software programmes and operating systems. For every engagement, Lazarus will endeavour to recover 85% or more of the Customer’s Data in the same usable file format as had been previously held on Customer media prior to the data loss incident. In the event that Lazarus ascertains that it will be unable to recover 85% or more of Customer’s Data and / or the files have suffered irreparable harm as a result of the data loss incident, then Lazarus will communicate such findings to the Customer via email and will ask Customer whether it wishes Lazarus to proceed with the recovery. If Customer communicates in writing (including email) that it wishes to proceed, the recovered Data will be sent on a new storage device to Customer by our courier (Or collected by Customer) and if requested the Customer’s original media; should Customer decide that it does not want to proceed then Lazarus will return the drive to Customer. All items are returned at the fixed carriage price (Unless the item is being collected by Customer or securely destroyed on-site).

5 Consent

If consent is required of either party for performance of any aspect of the engagement, such consent will be effective if provided in writing (including by email), or verbally if such verbal authorisation if followed by written confirmation at the earliest possible opportunity, and/or email provided receipt of which is acknowledged by the receiving party.

6 Acknowledgment of Existing Condition

By confirming an Order, Customer acknowledges that the equipment/data/media may be damaged prior to Lazarus’s receipt, and Customer further acknowledges that the efforts of Lazarus to complete the engagement may result in the destruction of or further damage to the equipment/data/media. Lazarus will take reasonable care but regrets that it will otherwise not assume responsibility for existing or additional damage that may occur to Customer’s equipment/data/media during Lazarus’s efforts to complete the engagement.

7 Internal Hard Drives opended prior to receipt by Lazarus

If a Customers internal Hard Disk Drive has been opended by themselves or a third party, for whatever reason prior to sending to Lazarus, this may reduce the chance of Lazarus achieving a successful recovery. In such instances Lazarus would need to ugrade to the Advanced Plus service. We will always seek customer approval before upgrading any service.

8 No Other Terms.

THESE TERMS SET OUT EVERYTHING THE PARTIES HAVE AGREED, EXCEPT AS EXPRESSLY SET OUT IN THESE TERMS AND SUBJECT ALWAYS TO THE LIMITATIONS BELOW. NOTWITHSTANDING THE LAZARUS QUALITY COMMITMENT, LAZARUS MAKES AND CUSTOMER RECEIVES NO EXPRESS REPRESENTATIONS. WARRANTIES OR CONDITIONS (IN ANY MATERIALS OR COMMUNICATION) IN RELATION TO: The standards or results of the service; or The standards, quality, merchantability or fitness for purpose of any goods furnished to the customer by Lazarus as part of the services. ANY IMPLIED WARRANTY, CONDITION OR REPRESENTATION IS EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW.

9 Limitation of Liability

Lazarus does not exclude or limit in any way any liability that cannot be restricted or excluded as a matter of law, and these Terms and Conditions are to be interpreted accordingly. If Lazarus fails to take reasonable care in providing the Data Recovery Services, Lazarus will use reasonable endeavours to correct its performance and repair any damage caused at no additional cost to the Customer. Alternatively, if it is not possible for Lazarus to correct its performance, the Customer will be entitled to an appropriate reduction in the price payable for the Data Recovery Services. If any recovered data is furnished by Lazarus to the Customer on a durable medium as part of the Data Recovery Services, such durable medium will be of satisfactory quality and reasonably fit for the purpose for which Lazarus has provided such durable medium to the Customer, for a reasonable period following delivery of such durable medium to the Customer. If such durable medium does not conform to the standards set out in this section, Lazarus ’s sole liability, and the Customer’s sole remedy, in respect of such non-conforming good is repair or replacement of the relevant durable medium at the sole cost of Lazarus. However, it is the responsibility of the Customer to maintain a backup copy of any recovered data at all times. UNDER NO CIRCUMSTANCES WILL LAZARUS ACCEPT ANY LIABILITY FOR ANY OF THE FOLLOWING WHATEVER THE CAUSE, SUBJECT TO TAKING REASONABLE SKILL AND CARE, LOSS OF OR DAMAGE TO DATA LOSS OF PROFITS, SALES, BUSINESS OR REVENUES ANY INDIRECT OR CONSEQUENTIAL LOSS, COST OR EXPENSE OF ANY NATURE WHATSOEVER Lazarus ’s total liability (in contract, negligence or otherwise) to Customer in connection with any Data Recovery Services shall in no event exceed the total sums payable under the relevant engagement by Customer to Lazarus. Where Customer instructs its own shipping company for shipping of any Customer media to Lazarus, then Lazarus shall not assume any liability whatsoever in case the device/media suffers any damage and/or loss during shipping. Lazarus recommends that Customer takes out insurance to cover any risks.

10 Customer’s Representation and Indemnification

Lazarus is not liable to any third party for any loss such third party may suffer in connection with the Data Recovery Services, including but not limited to any damage to, or loss or disclosure of, any equipment, data (including any incidental data stored on any equipment) or media furnished to Lazarus by the Customer in connection with the Data Recovery Services. Customer warrants and undertakes to Lazarus that it is the owner of, and/or has the right to be in possession of, all equipment, data or media furnished to Lazarus, that it has the full authority to engage Lazarus to perform the Data Recovery Services for such equipment, data or media and that the collection, possession, processing and transfer of such equipment data or media as part of the Data Recovery Services is in compliance with data protection laws to which Customer is subject. The Customer further warrants and undertakes that it will only use the Data Recovery Services for its own use (being, where Customer is a consumer, personal domestic and private use and, where Customer is a business, for internal use by Customer’s business) and will not resell Lazarus ’s services to any third party or pass off (or attempt to pass off) any of Lazarus ’s services as its own. Customer will defend, at its expense, indemnify, and hold Lazarus harmless against any damages or expenses that may occur (including reasonable legal fees), and pay any cost, damages, or attorneys’ fees awarded against Lazarus resulting from Customer’s breach of this section.

11 Abandonment and disposal of equipment/data/media

If the Customer fails to provide Lazarus with adequate instructions or payment for the return of any data, media, equipment or hardware (including but not limited to provision of an up-to-date address for delivery), Lazarus will retain such items for ninety (90) days following a response deadline following which the items will be considered abandoned by the Customer and will be disposed of or destroyed (including all data or media containing data) in the sole discretion of Lazarus.

12 Other Terms

These Terms and Conditions and all associated contracts are governed by English Law and any related dispute or claim will be determined by the English courts (provided that this shall not exclude the right of a consumer in Scotland and Northern Ireland to bring claims there). The parties agree that if any provision of these Terms and Conditions is held unenforceable, the validity of the remaining portions or provisions of these Terms and Conditions shall not be affected. Any revision or modification of these Terms and Conditions shall be effective only if it refers to these Terms and Conditions, in writing, and is signed by an authorised representative of each party. Before confirming your order, check the order and these Terms and Conditions carefully, and print or save a copy of these Terms and Conditions for future reference. By clicking ‘I have read and agree’ via the Lazarus order process or, if your order was placed with a Lazarus agent by phone, chat or email, by sending your drive to Lazarus, Customer agrees that it accepts these Terms and Conditions for the engagement. Acceptance of these Terms and Conditions is effective to bind the Customer and as such is admissible in any court and/or for any lawful purpose. These Terms and Conditions, together with any details set out in the order process, and our Privacy Policy constitutes the whole Agreement between the parties in relation to this subject matter. Terms of purchase of the Customer are excluded.

13 Data Protection

The information provided by Customer, will be held, used and processed according to our Privacy Policy and the GDPR Data Processing Agreement below.

Data Processing Agreement

Introduction

The General Data Protection Regulation (GDPR) No. 2016/679 came into effect on 24 May 2016. Consequently, within the European Economic Area (EEA), a number of new obligations will be in force concerning the protection and processing of personal data.

Lazarus DataRecovery Ltd

This Data Processing Agreement (“Agreement”) forms part of the Contract for Services (“Principal Agreement”) between:

1. Lazarus DataRecovery Ltd, Unit 2a, Church Farm, Astwick, Stotfold, Hertfordshire, SG5 4BH, hereafter referred to as Lazarus, Service Provider or Data Processor
2. The Client or Data Controller who orders the data recovery service within an already existing main agreement, either:
   1. the data recovery service terms and conditions
   2. a specific contract or agreement

Together as the "Parties".

WHEREAS

A) The Client acts as a Data Controller.

B) The Client wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.

C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

D) The Parties wish to lay down their rights and obligations.

1 Processing of personal data

1.1 The processor must only act on the controller’s documented instructions, unless required by law to act without such instructions.

1.2 The processor must delete, anonymise or return all personal data to the controller (at the controller’s choice) at the end of the contract, and the processor must also delete or anonymise existing personal data unless the law requires its storage.

1.3 The processor must submit to audits and inspections. The processor must also give the controller whatever information it needs to ensure they are both meeting their Article 28 obligations.

1.4 The Processor must inform the Controller if the processing instructions infringe GDPR.

1.5 The Processor must help the Controller to comply with data subjects rights.

1.6 The Processor must cooperate with the relevant Data Protection Authorities in the event of an enquiry.

1.7 The Processor must keep records of all processing activities.

2 Duration of processing

2.1 The duration of processing will be from when the order is raised, until a period of 6 months after the order had been completed and returned to the client. Personal data may be kept on the processor’s system for a period of 6 months to allow for after service enquiries. After this period the processor will delete or anonymise the data.

3 Nature of processing

3.1 The Service Provider receives the Data Subject’s personal data when the client books the job on the Service Provider’s website or web portal.

3.2 The data is then used in the processing of the order in execution of obligations derived from the principal agreement and this data processing agreement. The service provider is free to determine the means they use to process the personal data.

4 Type and categories of data processed

Categories of Data Subjects	Data Subject
Personal Data	Client: Contact name, address, phone number, email address, VAT Number Data Subject: Name, email address, phone number, email address.
Processing of personal data	In order to make the communications opposable: processing of orders, entering in to contracts, complying with legal obligations, billing, processing of shipments.
Retention Period	Client: On going to allow the booking and processing of orders. Data subject: The duration of the order and in addition 6 months for follow up enquiries.
Destruction	Client: On request. Data subject: Destroyed or anonymised after 6 months.

5 Obligations and rights

5.1 The Data Processor and Data Controller both keep a record of the processing operations carried outunder their responsibility (article 30 paragraph 1 GDPR).

5.2 Both parties guarantee that the processing of personal data under their management is carried out in accordance with article 6 GDPR (Lawfulness of processinp.

5.3 Both parties guarantee that the content, use and the contract for processing operations according to this Data Processing Agreement are not unlawful and will not violate any rights of Third Parties.

5.4 Both parties will each take the appropriate technical and organisational measures in order to secure personal data against loss or any form of unlawful Processing, in accordance with article 24 GDPR. These measures guarantee, keeping into account the state of technology and the costs and purposes (article 25 GDPR), an appropriate level of security, considering the risks the Processing and the nature of the Personal data that have to be protected entail. Parties must also ensure that third parties and/or personnel under their control are aware of the content of this Data Processing Agreement and that they are committed to complying with a processing agreement and/or confidentiality.

5.5 Both parties will inform the other Party without delay in case of a breach concerning personal data which may impact the processing operations of the latter Party. Parties will also act in good faith in order to prevent, track and report breaches concerning personal data (if legally obligated).

5.6 Parties will also take all reasonable commercial steps to mutually assist one another with the investigation, the limitation and the remedy of any breach concerning personal data.

6 Processor Personnel

6.1 The processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Client or data subject’s personal data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Client or data subject’s personal data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality

7 Security

7.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the processor shall in relation to the Client or data subject’s personal data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

7.2 In assessing the appropriate level of security, the processor shall take account in particular of the risks that are presented by processing, in particular from a Personal Data Breach.

8 Sub-processing

8.1 Processor shall not appoint (or disclose any client or data subject Personal Data to) any Subprocessor unless required or authorized by the client.

9 Data Subject Rights

9.1 Taking into account the nature of the processing, the processor shall assist the client by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client obligations, as reasonably understood by the client, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

9.2 Processor shall:

1. promptly notify the client if it receives a request from a Data Subject under any Data Protection Law in respect of client or data subject Personal Data; and
2. ensure that it does not respond to that request except on the documented instructions of the client or as required by Applicable Laws to which the processor is subject, in which case the processor shall to the extent permitted by Applicable Laws inform the client of that legal requirement before the Contracted Processor responds to the request

10 Personal Data Breach

10.1 The processor shall notify client without undue delay upon the processor becoming aware of a Personal Data Breach affecting the client or data subject Personal Data, providing client with sufficient information to allow the client to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

10.2 The processor shall co-operate with the client and take reasonable commercial steps as are directed by the client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

11 Data Protection Impact Assessment

11.1 The processor shall provide reasonable assistance to the Client with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the client reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Client or data subject Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

11.2 Deletion or return of Client and/or data subject Personal Data.

11.3 The Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of client and data subject Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those client and company personal data.

12 Audit Rights

12.1 The Processor shall make available to the client on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the client or an auditor mandated by the client in relation to the Processing of the client and data subject Personal Data by the Contracted Processors.

12.2 Information and audit rights of the client only arise under section 12.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.

13 Data Transfer

13.1 The processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Company. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approvedstandard contractual clauses for the transfer of personal data

13.2 The Processor must comply with EU trans-border data transfer rules.

14 General Terms

14.1 Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:

1. disclosure is required by law;
2. the relevant information is already in the public domain.

14.2 All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.

15 Governing Law and Jurisdiction

15.1 This Agreement is governed by English law.

15.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of England and Wales, subject to possible appeal to the High Court in London.

This Agreement is entered into with effect:

When a client submits an online order and confirms agreement to our terms and conditions.

OR

When a client joins our online partner program via our web portal and agrees to our terms and conditions.

---

Annex