• Supplier hosts the Supplier Data
• Supplier is a Sub-processor of Client Information
• Client Information includes Personal Data
• The Sub-processor is based in Australia
• The Sub-processor is located outside of the EEA
• Where GDPR applies to the End User, the End User must rely on a derogation to transfer Client Information to the Sub-processor based outside of the EEA in accordance with Article 49 GDPR

The Supplier Data that GBG uses to provide Australia Data is supplied by GBG’s Data Supplier, Equifax Australia Information Services and Solutions Pty Limited (“Equifax”). GBG is obliged under the terms of its agreement with Equifax to ensure that all End Users agree to comply with the following provisions. These terms apply to all Australia Data checks. Individual Australia Data checks are identified by ID Number on the End User’s Order Form.

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms:
“AML/CTF Act” means the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
“Applicable Laws” means all applicable law, enactments, regulations, regulatory policies, binding guidelines, binding industry codes, regulatory permits and licenses which are in force from time to time including, without limitation, AML/CTF Act, applicable data protection and Privacy Laws and the GST Act;
“Applicant” means a person who applies for an End User Product;
“Application” means an application for an End User Product;
“Business Rules” means the instructions provided to Equifax regarding the processing of an Applicant's Personal Information as part of a Service Request;
“Corporations Act” means the Corporations Act 2001 (Cth);
“End User Materials” means Materials supplied by the End User or on behalf of an End User for use in the provision of the Service;
“End User Product” means financial products or any other Designated Service offered by the End User involving the provision of Designated Services as defined in the AML/CTF Act;
“Confidential Information” means these terms and conditions and all confidential information, material and technology disclosed or provided in any form by any party to the other party in connection with the subject matter of these terms and conditions;
“Equifax Database” means a database owned by or licensed to Equifax but not listed as a Proprietary Database;
“Equifax Group Company” means Equifax and any Related Body Corporate from time to time of Equifax and their respective Employees;
“Employees” means officers, employees, agents, sub-contractors and representatives;
“Future Data Sets” means any other data sets that may be provided by Equifax to the End User, and may include data obtained from websites operated by government entities or authorities;
“ID Index” means the custom built system of analysing and scoring the data comprised in the End User Materials and the search results provided to the End User in response to a Service Request and includes the End User’s particular search parameters based on the Business Rules;
“Intellectual Property Rights” means all current and future registered and unregistered rights in respect of patents, copyright (including Moral Rights), designs, circuit layouts, trademarks, trade secrets, know-how, confidential information, invention and discoveries and all other intellectual property as defined in article 2 of the convention establishing the World Intellectual Property Organisation 1967;
“Material” means any material, whether tangible or intangible, in any form, including documents, records, software, data and any other information;
“Permitted Purpose” means the purposes of verifying an Applicant’s identity solely for the End User’s internal business purposes and for the purposes of complying with all Applicable Laws;
“Personal Information” has the same meaning as in the Privacy Act 1988 (Cth);
“Privacy Law” means:
(a) the Privacy Act 1988 (Cth);
(b) any Guidelines, Public Interest Determinations or other advices relating to Personal Information issued by the Office of the Federal Privacy Commissioner in Australia; and
(c) any other requirement under Australian law, industry code or policy relating to the handling of Personal Information;
“Proprietary Database” means each of the following databases either owned by Equifax, or for which Equifax has rights of access:
(a) Equifax Identity Data;
(b) Equifax Commercial Credit Database;
(c) Insurance Claims Database;
(d) National Tenancy Database; and
(e) Any other database agreed by the parties from time to time;
“Public Database” means each of the following public databases:
(a) Australian Electoral Roll – Current;
(b) Australian Electoral Roll – Historical 2004;
(c) Equifax Phone Number Directory;
(d) Equifax Public Records;
(e) Any other database agreed by the parties from time to time;
“Related Body Corporate” has the meaning given it in the Corporations Act;
“Service” means Equifax’s electronic customer verification service (incorporating the ID Index) by which Equifax applies the Business Rules to an Applicant to verify an Applicant’s identity using Proprietary Databases, Public Databases, Third Party Databases and/or Future Data Sets (as agreed) for the purpose of allowing the Applicant to obtain a specified End User Product using agreed access and delivery methods;
“Service Materials” means a service, product or work and any related documentation to be supplied by Equifax to an End User;
“Service Request” means an automated request by an End User to Equifax for Equifax to verify an Applicant’s details using the Service;
“Third Party Database” includes and is not limited to the following databases:
(a) Visa Entitlement Verification Online;
(b) DFAT’s My Passport;
(c) Medicare;
(d) Births, Deaths and Marriages for each of New South Wales, Victoria, Queensland, Western Australia, South Australia, Tasmania, Northern Territory and the Australian Capital Territory;
(e) Government Drivers License authorities or agencies in each of New South Wales, Victoria, Queensland, South Australia, and the Australian Capital Territory; and
(f) Sanctions List.

2. USE OF THE SERVICE
2.1. The End User acknowledges that these terms and conditions govern use of the Service and further terms and conditions apply to use of the data that is transmitted as part of the Service. Accordingly:
(a) where it is an existing subscriber to one or more of the Proprietary Databases, the terms and conditions of use applicable to those Proprietary Databases will continue to apply to the End User’s use within the provision of this Service;
(b) where, pursuant to the Business Rules, the End User requests Equifax to use other Equifax Databases in providing the Service, the terms and conditions of use of those Equifax Databases will apply, in addition to these terms;
(c) where, pursuant to the Business Rules, the End User requests Equifax to use Third Party Databases in providing the Services, the terms and conditions of use of those Third Party Databases will apply to the End User (where applicable), in addition to these terms.
2.2. Where a third party Equifax imposes any restrictions on conditions of use on the End User pursuant to that third party Equifax agreement with Equifax, Equifax reserves the right to impose these conditions on the End User, and the End User agrees to comply with them.

3. END USER OBLIGATIONS
3.1. The End User must obtain the consent of each Applicant for the provision of the Services.
3.2. The End User acknowledges that the terms and conditions of Third Party Databases may require an Applicant to conduct identity verification in an Applicant’s own name. In addition to clause 3.1 therefore, the End User must obtain the authority of the Applicant for Equifax to act as the Applicant’s agent in accessing Third Party Databases for identity verification. The End User will dispatch Service Requests to the Service as Applications are made and not, unless instructed by Equifax, in batches or in a way that is otherwise likely to disrupt Equifax’s provision of the Service. Specifically the End User must not at any time process more than 500 transactions per hour.
3.3. Without limiting the End User’s obligations under these terms and conditions, the End User must:
(a) not use the Service, Service Materials or any other data generated by use of the Service, for any purpose other than the Permitted Purpose;
(b) not resell the Service, Service Materials or any other data generated by use of the Service (whether or not other information or services are added to it and whether or not it is incorporated into another service or other data);
(c) not change, delete or alter the data contained in the metadata fields of the data provided by Equifax as part of the Service (though this shall not prevent the End User from adding to such data); and
(d) comply with other reasonable product compliance requirements which Equifax may notify to the End User from time to time.
3.4. The End User is solely responsible for maintaining regular backups of all End User data associated with the Services. To the extent that Equifax is in possession of End User data, Equifax will be responsible for the maintenance, confidentiality, privacy and security of any such data. The End User acknowledges that Equifax may disclose to its third party suppliers for identity verification purposes only. The End User is responsible for ensuring that it has appropriate consents in place to support such disclosure.
3.5. The parties acknowledge that the AML/CTF Act, among other regulations, places certain obligations on the End User in relation to identifying and verifying the identity of its customers, reporting and record keeping. The End User acknowledges that while the Service provided by Equifax under these terms and conditions assists the End User to comply with the AML/CTF Act, the obligation to comply with this legislation remains with the End User.

4. LIABILITY
4.1. Notwithstanding the liability of the End User to GBG as set out in the General Terms, to the extent permitted by law, GBG and Equifax limits its liability in respect of any failure to comply with a statutory guarantee, which cannot be excluded to the resupply of services or the cost of resupplying the services.
4.2. Neither Equifax nor Equifax Group Companies shall have any liability whatsoever to the End User (including in negligence and breach of statutory duty) and the End User shall have no remedies against them with respect to the Service, or any use of or reliance on the same made by the End User or any person through the End User, including without limitation any loss of data or the inability to retrieve data, resulting from or incidental to the use of the Service or any direct, indirect, incidental, consequential, special, exemplary or punitive damages, any loss of profit, investment, trading, reliance or wasted expenditure, any liability to third parties, or any other form of loss or liability, regardless of cause, and whether in tort, contract, strict liability, statutory duty or liability or under any other form of action, and even if Equifax was advised of the possibility of such damages.

5. EXCLUSION OF WARRANTIES
5.1. GBG and Equifax makes no warranties or representations about information sourced from third parties that is provided under the Service, or its reliability, accuracy, completeness, or currency and excludes all liability for any loss or damage in relation to the accuracy, completeness, currency or quality of information sourced from third parties that is provided under the Service.
5.2. The End User acknowledges and agrees that the Service (including for the avoidance of doubt its content) are provided “as is”, “as available” and with all faults and is provided without any covenants, promises or guarantees as to accuracy, functionality, performance, merchantability, system integration, data accuracy or fitness for any purpose. Any conditions, terms or warranties as to the same implied or imposed by statue or common law are hereby excluded to the fullest extent permitted by law.

6. INTELLECTUAL PROPERTY RIGHTS
6.1. The parties agree that other than as provided in this clause 6 (Intellectual Property Rights), nothing in these terms and conditions transfers ownership in, or otherwise grants any rights in any Intellectual Property Rights of a party.
6.2. If Equifax provides any Service Material to the End User, then Equifax grants to the End User a non-transferable, non-exclusive, royalty-free licence for the Term to use Equifax Material solely for the purpose of the End User being able to use the Service.
6.3. The End User grants to Equifax a perpetual, non-transferable, non-exclusive, royalty free licence to use and exercise all of the Intellectual Property Rights in the End User Materials for the purpose of enabling Equifax to deliver the Service for the benefit of the End User only.
6.4. If any Intellectual Property Rights are expressly transferred or licensed by a party under these terms and conditions, then such transfer or licence applies in accordance with its terms, notwithstanding any inconsistent marks of a party (e.g. ©) that may be attached to that intellectual property.

7. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
7.1. If, as a result of these terms and conditions, the End User is able to access any information about identifiable individuals held by or on behalf of Equifax (and Equifax Group Companies), then the End User must:
(a) comply all applicable Privacy Laws and such other data protection laws as may be in force from time to time which regulate the collection, storage, use and disclosure of information, as if it were regulated by these laws;
(b) comply with any privacy code or policy which has been adopted by Equifax as if it were bound by that code or policy;
(c) comply with any direction of Equifax that is consistent with the laws, codes and policies referred to in paragraphs (a) and (b) above;
(d) not to do any act or engage in any practice that would breach the Privacy Laws or cause Equifax to breach the Privacy Laws;
(e) take all steps which are reasonable in the circumstances to protect any Personal Information held by it in connection with these terms and conditions from misuse, interference or loss, and from unauthorised access, modification or disclosure;
(f) not transfer any Personal Information provided by Equifax in connection with these terms and conditions to a country or territory outside of Australia, without Equifax’s prior written consent;
(g) immediately notify Equifax if it becomes aware of a breach of the Privacy Law in connection with these terms and conditions and notwithstanding any other provision of these terms and conditions, will take steps to remedy the breach immediately;
(h) comply with any reasonable direction of Equifax to observe any recommendation of any government body relating to acts or practices of the End User that the government body considers to be in breach of the obligations of this clause; and
(i) indemnify Equifax and any Related Body Corporate from time to time of Equifax and their respective Employees for any loss or damage caused or contributed to by the End User’s failure to comply with the Privacy Laws or is breach of the confidentiality obligations set out in the General Terms in relation to Equifaxf.
7.2. The Supplier Data used to provide this element of the Service is hosted by Equifax. In order to perform the Services, Equifax shall act as Sub-processor of Client Information (including any Personal Data supplied) for the sole purpose of delivering this element of the Service. The End User authorises GBG to appoint Equifax as Sub-Processor for the purposes specified in this clause 7.2.
7.3. Equifax is based in Australia which is located outside of the EEA. Where GDPR applies to the End User, the End User acknowledges that prior to submitting Client Information to GBG for processing it shall determine, and is solely liable for ensuring that it can rely on a derogation to transfer Client Information to the Sub-processor based outside of the EEA in accordance with Article 49 GDPR.

8. TERMINATION
8.1. Notwithstanding the other termination provisions between GBG and the End User in the General Terms, under the terms of GBG’s agreement with Equifax, access to the Supplier Data may be terminated at any time by GBG providing the End User with 24 months’ notice.

9. GOVERNING LAW AND JURISDICTION
9.1. In relation to any matter concerning the Supplier Data and these terms and conditions, these terms and conditions shall be exclusively governed by the laws of New South Wales and the End User agrees to submit to the Courts of New South Wales in relation to any matter relating to these terms and conditions and the Service.