38. When supplying the Services to the customer, the Service Provider may gain access to and/or acquire the ability to transfer, store or process personal data of employees of the customer.
39. The parties agree that where such processing of personal date takes place, the Customer shall be the 'Data Controller','Data Processor' and 'Data Subject' shall have the same meaning as in the GDPR.
41. The Service Provider Shall Only Process Personal Data to the extent reasonably to enable it to supply the Service as mentioned in these terms and conditions or as requested by and agreed with the Customer, shall not retain any Personal Data longer than necessary for the Processing and refrain from Processing any Personal Data for its own or for any third party's purposes.
42. The Service Provider shall not disclose Personal Data to any third parties other than employees,directors,agents,subcontractors or advisors or a strict 'need-to-know' basis and only under the same (or more extensive) conditions as set out in these terms and conditions or to the extent required by applicable legislation and/regulations.
43. The Service Provider shall implement and maintain technical and organizational security measures as are required to protect Personal Data Processed by the Service Provider on behalf of the Customer.
44. Further Information about the Service Provider's approach to data protection is specified in its Data Protection Policy, which can be found on our Website. For any inquiries or complaints regarding date privacy, you can contact our Data Protection Officer at the following email address: Management@hrvis.uk