• Supplier hosts the Supplier Data
  • Supplier receives and processes Client Information in its capacity as Controller
  • Client Information includes Personal Data
  • The Supplier is based in the UK
  • The Supplier is located within the EEA
  • The Supplier is a Credit Reference Agency (“CRA”) therefore the End User must include a reference to Credit Reference Agency Information Notice (“CRAIN”) in its fair processing notice

The Supplier Data that GBG uses to provide Current Name Addition is supplied by GBG’s Data Supplier, Equifax Ltd ("Equifax"). GBG is obliged under the terms of its agreement with its Data Supplier to ensure that all End Users agree to comply with the following provisions:

1.1. The End User is granted a non-exclusive licence to use the Supplier Data for the following purposes (“Permitted Purpose”):
(a) assessing the risk of granting credit to consumers;
(b) detecting fraud in relation to the granting of credit to consumers;
(c) assisting in the prevention of money laundering;
(d) collecting debts and tracing customers who owe debts under consumer credit agreements;
(e) ID and age verification in respect of consumers;
(f) bank account validations;
(g) services which can reasonably be described as derivatives of the above permitted purpose descriptions such as, but not limited, developments of legislation relating to data protection and identify verification.
1.2. The End User must not refer to the Supplier Data as a credit or credit reference agency check.
1.3. The End User acknowledges and accepts that Equifax is a CRA and in utilising the services of a CRA, the End User is required by Equifax to include a link to the Credit Reference Agency Information Notice (commonly known as “CRAIN”) as set out below within their own fair processing notice or provide an off-line route to access information about CRAIN, such as printed copies The CRAIN notice link is as follows
1.4. The End User shall fully indemnify GBG against all liabilities, costs, expenses, damages and losses incurred by GBG as a result of the End User’s failure to incorporate the CRAIN notice within their fair processing policy and notify individuals of such notice in the provision of the End User’s products and services.

2.1. The End User acknowledges and accepts that the nature of this Service requires disclosure of Client Information to Equifax who processes Client Information in its capacity as Controller and not Sub-processor. The End User’s request for this Service will be deemed to be the End User’s instruction to GBG to disclose Client Information to Equifax as necessary to perform this Service.
2.2. Equifax is based in the United Kingdom, which is located within the EEA. On this basis, Personal Data is not transferred outside of the EEA in order to provide End Users with access to this element of the Service.

3.1. Notwithstanding the termination provisions between GBG and the End User in the General Terms, under the terms of GBG’s agreement with Equifax, the supply of the Supplier Data can be terminated at any time if such supply is no longer possible under the terms of the agreement that Equifax has in place with its own third party data suppliers.