• Supplier hosts the Supplier Data
• Supplier is a Sub-processor of Client Information
• Client Information includes Personal Data
• The Sub-processor is located in the United States
• The Sub-processor is located outside of the EEA
• The Supplier is subject to the Privacy Shield Framework so is deemed to offer an adequate level of data protection by the European Commission
• GBG also has an arrangement in place with the Sub-processor to maintain appropriate safeguards

The Supplier Data that GBG uses to provide Email Validation is supplied by GBG’s Data Supplier. GBG is obliged under the terms of its agreement with GBG’s Data Supplier to ensure that all End Users agree to comply with the following provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms:
“Permitted Purpose” means use of the Supplier Data solely for the purpose of email validation.

2. USE OF THE SUPPLIER DATA
2.1. The Supplier Data may only be used for the Permitted Purpose in accordance with these terms.
2.2. The End User warrants that it will not:
(a) use the Supplier Data for any reason outside of the Permitted Purpose;
(b) copy or modify the Supplier Data to create a derivative work based on the search results;
(c) make the Supplier Data or information available to any third party, including a parent, subsidiary or associated company.
2.3. The Supplier Data is supplied on an “as is” basis, for which no warranties of any kind can be given.

3. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
3.1. The Supplier Data used to provide this element of the Service is hosted by the Data Supplier. In order to perform the Services, the Data Supplier shall act as Sub-processor of Client Information (including any Personal Data supplied) for the sole purpose of delivering this element of the Service. The End User authorises GBG to appoint the Data Supplier as Sub-Processor for the purposes specified in this clause 3.1.
3.2. The Data Supplier is based in the United States which is located outside of the EEA. The Data Supplier is subject to the Privacy Shield Framework so is deemed to offer an adequate level of data protection for Personal Data by the European Commission, therefore the Parties acknowledge that Personal Data can be safely transferred to the Data Supplier for sub-processing without further data export safeguards.
3.3. In addition to clause 3.2 above, GBG also has an arrangement in place with the Data Supplier (acting as Sub-processor of the Client Information) to maintain appropriate safeguards, and the End User hereby grants GBG a mandate to conclude EU Model Clauses with the Sub-processor on behalf of the End User. GBG shall be entitled to sign the EU Model Clauses as Processor on behalf of its End Users generally and shall not be required to name the End User in such document.