Data Protection Policy

When supplying the Services to the Customer, the Service Provider may gain access to and/or acquire the ability to

transfer, store or process personal data of employees of the Customer.

The parties agree that where such processing of personal data takes place, the Customer shall be the 'data controller'

and the Service Provider shall be the 'data processor' as defined in the General Data Protection Regulation (GDPR) as

may be amended, extended and/or re-enacted from time to time.

For the avoidance of doubt, 'Personal Data', 'Processing', 'Data Controller', 'Data Processor' and 'Data Subject' shall

have the same meaning as in the GDPR.

The Service Provider shall only Process Personal Data to the extent reasonably required to enable it to supply the

Services as mentioned in these terms and conditions or as requested by and agreed with the Customer, shall not retain

any Personal Data longer than necessary for the Processing and refrain from Processing any Personal Data for its own

or for any third party's purposes.

The Service Provider shall not disclose Personal Data to any third parties other than employees, directors, agents, subcontractors

or advisors on a strict 'need-to-know' basis and only under the same (or more extensive) conditions as set

out in these terms and conditions or to the extent required by applicable legislation and/or regulations.

The Service Provider shall implement and maintain technical and organisational security measures as are required to

protect Personal Data Processed by the Service Provider on behalf of the Customer.

Further information about the Service Provider's approach to data protection are specified in its Data Protection Policy,

which can be found on application from our office. For any enquiries or complaints regarding data privacy, you can

contact our Data Protection Officer at the following e-mail address: gary@rmuk.com.