• Supplier hosts the Supplier Data
• Supplier receives and processes Client Information in its capacity as Controller
• Client Information includes Personal Data
• The Supplier is based in the UK
• The Supplier is located within the EEA

The Supplier Data that GBG uses to provide item check CIFAS Fraud Check Data is supplied by CIFAS. GBG is obliged under the terms of its agreement with CIFAS to ensure that all End Users agree to comply with the following provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms:
“CIFAS Data” means (a) the information received from Members which is processed by CIFAS concerning identified and confirmed frauds (including staff frauds), which contains Personal Data linked to such frauds and is used for crime prevention and/or detection purposes and (b) the information received from potential victims seeking the protection of CIFAS;
“CIFAS Portal” means the library of web service operations that enables an agency to access CIFAS Data for onward provision to CIFAS Members;
“CIFAS Portal Search” means each individual search carried out through the CIFAS Portal;
“Data Matching Rules” means the rules and parameters that determine how to match the data contained in a CIFAS Portal Search with CIFAS Data on FIND;
“FIND” means the fraud investigation database operated by CIFAS to enable Members to make use of the CIFAS Data;
“Member” means the company, person, organisation or public body that meets the qualifying CIFAS membership criteria and is authorised by CIFAS to access CIFAS Data;
“Permitted Purpose” means for the use of identity fraud, fraud and money laundering prevention purposes.

2. USE OF THE SUPPLIER DATA
2.1. The End User may only use CIFAS Data for the Permitted Purpose if it is a Member and in accordance with the CIFAS Handbook and Articles of Association and the principles set out in the Rules of CIFAS together with these terms.

3. END USER OBLIGATIONS
3.1. The End User must provide GBG with its Member number prior to its use of the CIFAS Data services;
3.2. If the End User ceases to be a Member then it must immediately communicate this to GBG and cease to use the CIFAS Data services.
3.3. The End User will only process the CIFAS Data from within the European Economic Area (EEA) or a country or territory that the European Commission has deemed to provide an adequate level of protection for Personal Data.
3.4. The End User will not:
(a) disclose the CIFAS Data to any third party (other than as permitted by this Agreement);
(b) except to the extent necessary for the proper performance of this Agreement or as previously agreed in writing by CIFAS, carry out any research, analysis or profiling activity which involves the use of any element of the CIFAS Data (including in aggregate form) or any information derived from any processing of such CIFAS Data;
(c) pass files containing the CIFAS Data to any third party (including sub-contractors) for further processing by that third party or its agents; and
(d) disclose CIFAS Data to any individual requesting such disclosure under the Privacy and Data Protection Requirements, but instead refer those individuals who are seeking specific subject access to CIFAS Data to CIFAS.
3.5. The End User will promptly notify GBG if it becomes aware that any of the CIFAS Data accessed through the CIFAS Portal is inaccurate or the integrity of any of the CIFAS Data is compromised.

4.EXCLUSION OF WARRANTIES
4.1 The End User acknowledges and agrees that the data is provided “as is”, “as available” and with all faults and is provided without any covenants, promises or guarantees as to accuracy, functionality, performance, merchantability, system integration, data accuracy or fitness for any purpose and CIFAS makes no representation that the provision of CIFAS Data following a CIFAS Portal Search will result in any or all frauds being detected. Any conditions, terms or warranties as to the same implied or imposed by statue or common law are hereby excluded to the fullest extent permitted by law.

5.DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
5.1 The End User acknowledges and accepts that the nature of this Service requires disclosure of Client Information to CIFAS who processes Client Information in its capacity as Controller and not Sub-processor. The End User’s request for this Service will be deemed to be the End User’s instruction to GBG to disclose Client Information to CIFAS as necessary to perform this Service.
5.2 CIFAS is based in the United Kingdom, which is located within the EEA. On this basis, Personal Data is not transferred outside of the EEA in order to provide End Users with access to this element of the Service.

6. TERMINATION
6.1. Notwithstanding the termination provisions between GBG and the End User in the General Terms, under the terms of GBG’s agreement with CIFAS, the supply of CIFAS Data can be terminated upon GBG providing the Client with 6 months’ notice.