CANADA ID (NAME ADDRESS DOB SIN) (Item Check 0237) and 0409 CANADA CREDIT (FINTRAC) | ID NUMBER 100642 AND 201634

  • The Data Supplier hosts the Supplier Data
  • The Data Supplier is a Sub-processor of End User Data
  • End User includes Personal Data
  • The Data Supplier is located in Ontario in Canada
  • The Data Supplier is located outside of the EEA and the UK
  • Commercial organisations in Canada which are subject to the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) are deemed to offer an adequate level of data protection by the European Commission
  • Ontario as a province of Canada is subject to PIPEDA and therefore businesses within Ontario are deemed to be adequate by the European Commission

The Supplier Data used to provide the Canada ID (Name Address DOB SIN) and 0409 Canada Credit (FINTRAC) Datasets is supplied by Trans Union of Canada, Inc (“TransUnion”) and includes consumer credit information about Canadian data subjects. GBG is obliged under the terms of its agreement with TransUnion to ensure that all End Users agree to comply with the following licensing provisions. These Additional Terms apply to Canada ID (Name Address DOB SIN) and 0409 Canada Credit (FINTRAC) Datasets. Individual Canada ID (Name Address DOB SIN) and 0409 Canada Credit (FINTRAC) Datasets can be identified by the ID Number listed on the End User’s Order Form.


1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms:
End User Data” means any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including, where relevant, any Personal Data.
Governmental Authority” means the government of Canada, or any political subdivision thereof, whether provincial, territorial, state, municipal or local, and any governmental, executive, legislative, judicial, administrative or regulatory agency, department, ministry, authority, instrumentality, commission, board, bureau or similar body, whether federal, provincial, territorial, state, municipal or local, in each case, having jurisdiction in the relevant circumstances.
Governmental Permit” means any license, right, permit, franchise, privilege, registration, direction, decree, consent, order, permission, approval or authority issued or provided, or to be issued or provided, by any Governmental Authority, including, where relevant to the End User, directives issued by the any Canadian gaming control regulator.
Permitted Purpose” means one or more of the permitted purposes described at clause 2.2, subject to the restrictions contained at clause 2 of these Additional Terms.
TransUnion Confidential Information” means information in an oral, written, graphic, machine readable format or any other format or medium whatsoever including, but not limited to, information that relates to patents, patent applications, research, product plans, products, developments, inventions, processes, designs, drawings, engineering, formulae, markets, software (including source and object code), hardware configuration, computer programs, algorithms, business plans, policies or practices, agreements with third parties, services, customers, pricing, marketing or finances of TransUnion or any other information that in the context of the relationship hereunder should reasonably be considered by the End User as non-public, confidential and/or proprietary.
TransUnion Services” means TransUnion’s proprietary identity verification services provided as part of this Dataset and as described in these Additional Terms.

2. USE OF THE SERVICE
2.1. Before accessing the Dataset, the End User must confirm and verify that its organisation:
a) is a legitimate existing business;
b) has obtained the appropriate consumer’s consent required under Canadian privacy law as more particularly detailed in clause 11.1; and
c) is using the Dataset for its own benefit and that it does not intend to resell or otherwise release the information to another third-party business, entity or person.
2.2. In accordance with Canadian consumer reporting legislation, the End User may only use the Dataset for the following Permitted Purposes:
a) in connection with the extension of credit to a consumer to whom the information pertains;
b) in connection with the purchase or collection of a debt of a consumer to whom the information pertains;
c) for the purpose of the entering into or renewal of a tenancy agreement;
d) for employment purposes;
e) in connection with the underwriting of insurance involving the consumer;
f) to determine the consumer's eligibility for any matter under a statute or a regulation where the information is relevant to a requirement prescribed by law; or
g) where there is a direct business need for the information in connection with a business or credit transaction involving the consumer.
2.3. The End User must not under any circumstances use the Dataset for investigation purposes, including but not limited to pre-litigation investigative services, without the consumer’s written consent (in accordance with clause 11.1, below) or as specifically permitted by applicable law.
2.4. The End User must track and maintain records of each inquiry carried out using the Dataset. Such records must include a copy of the consent obtained from each individual consumer in accordance clause 11.1 and must specify the purpose for which the inquiry was made. All records must be retained for the Term of the Agreement and for a period of at least three (3) years thereafter. Copies of records kept in accordance with this clause must be provided to TransUnion within seven (7) Business Days of a request to do so. The End User shall ensure that all consents are in verifiable form.
2.5. The End User appoints GBG as its agent for the purposes of requesting the TransUnion Services and otherwise facilitating the End User’s receipt of the TransUnion Services. The End User warrants that it will request the TransUnion Services for the End User’s exclusive, internal and one-time use only and pursuant to the procedures prescribed by TransUnion and/or GBG from time to time.
2.6. The TransUnion Services shall only be requested by, and disclosed by the End User to, an End User's designated and authorised employees, agents or representatives (each a, “Representative”) on a need-to-know basis (provided such Representatives are bound by confidentiality obligations at least as strict as the confidentiality provisions set forth herein) and only to the extent necessary to enable the End User to use the TransUnion Services in accordance herewith. The End User shall ensure that such Representatives do not attempt to obtain the TransUnion Services as it relates to themselves, their associates, or any other person, except in the exercise of their official duties. Nothing herein is intended to allow the End User to receive the TransUnion Services for the purpose of selling or otherwise providing them, or the information contained or derived from the TransUnion Services, to the consumer who is the subject thereof, or to any third party. For further clarity, the End User is prohibited from selling the TransUnion Services directly to consumers hereunder. The End User may make disclosures to consumers only as clearly required by law. Where the End User has made a legally permissible disclosure to a consumer, and such consumer has questioned information contained in the Supplier Data, the End User shall refer such consumer directly to TransUnion for further investigation.
2.7. The End User acknowledges that TransUnion is not responsible for the availability, performance, or security of GBG’s platform, or for the End User’s inability to obtain access to the TransUnion Services. The End User is responsible for all breaches emanating from any of the End User’s password or code misuse or any breaches using such End User’s password or code. TransUnion shall have no liability in relation thereto and the End User acknowledges that TransUnion shall assume that the individual(s) logging into or accessing GBG’s platform using the specific code(s) and password(s) assigned to the End User are in fact authorised to do so by the End User.
2.8. The TransUnion Services are configurable and the configuration, delivery specifications and/or decision criteria of the End User shall be as agreed upon between GBG and TransUnion. The End User acknowledges and agrees that it is solely responsible to determine its compliance obligations, in particular without limitation, its compliance with the provincial consumer reporting legislation, privacy legislation or the Proceeds of Crime (Money Laundering and Terrorist Financing Regulations) or other applicable law or regulation and as a result, the End User is solely responsible to obtain its own legal advice and to determine the configuration required from GBG such that it meets these compliance obligations.
2.9. In the event the End User obtains scoring services (“TransUnion Scores”), the following terms shall apply: the TransUnion Scores may be delivered with a consumer credit report for convenience only, but the TransUnion Score does not form part of the consumer credit report and does not update, enhance, modify, supplement or change the information in the consumer credit report on which it is based. The End User agrees that the TransUnion Scores are for the End User’s exclusive use. The End User may store TransUnion Scores solely for the End User's own use in furtherance of the End User's original purpose for obtaining the TransUnion Scores and for no other purpose. The End User recognizes that factors other than the TransUnion Score may be considered in making a decision about a consumer. Such other factors include, but are not limited to, the consumer credit report, the individual account history, application information, and economic factors. TransUnion may provide score reason codes to the End User. The score reason codes are designed to indicate the principal factors that contributed to the TransUnion Score, and may be disclosed to consumers as the reasons for taking adverse action, as required by applicable consumer reporting law. The TransUnion Score itself is proprietary and may not be used as the reason for adverse action and accordingly, shall not be disclosed to a credit applicant, except as clearly required by law.
2.10. The End User further acknowledges that, given the nature of the Dataset, GBG recommends that the End User does not use the Supplier Data and Output Materials as the sole basis for any business decision. The End User expressly accepts to use the Dataset at its own risks.
2.11. The End User warrants that it will not use this Dataset for any reason outside of the Permitted Purpose.

3. DUE DILLIGENCE
3.1. Prior to granting the End User access to the Dataset, GBG must carry out a comprehensive membership review of the End User as well as a site inspection of the principal place of business of the End User or an inspection through a digital platform to determine whether the End User's security measures are consistent with the minimum standards specified by TransUnion.
3.2. The End User acknowledges and agrees that access to the Dataset is dependent on the completion of a satisfactory security audit and questionnaire that demonstrates compliance with these terms in accordance with clause 3.1.

4. SERVICE LEVELS

4.1. Notwithstanding the Service Levels in the Agreement, the End User acknowledges and accepts that:
a) TransUnion performs regular maintenance on their systems and may utilise all their published maintenance windows during which the use of the Dataset may be unavailable. The regularly maintenance windows is 2.00am to 6.00am (Eastern Standard Time) Sundays and, on occasion, TransUnion may institute an extended scheduled maintenance window with advance notice.
b) TransUnion provides no specific resolution times for incidents that affects their services therefore the service resolution times as part of GBG’s Standard Support Services do not apply for this Dataset.

5. SAFEGUARDING
5.1. The End User shall implement, and shall take measures to maintain, reasonable and appropriate administrative, technical, and physical security safeguards (“Safeguards”) designed to: (i) ensure the security and confidentiality of any Supplier Data and personal information derived from the TransUnion Services; (ii) protect against anticipated threats or hazards to the security or integrity of the Supplier Data and personal information; and, (iii) protect against unauthorized access or use of the Supplier Data and personal information. The End User shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information and to protect the Supplier Data and personal information from unauthorized access, destruction, use, modification, or disclosure including without limitation, ensuring any End User intentional deletion, destruction and/or disposal of the Supplier Data and personal information (whether in paper, electronic, or any other form, and regardless of medium on which such Supplier Data and personal information is stored) is performed in a manner so as to reasonably prevent its misappropriation or other unauthorized use including, but not limited to, cross-shredding printed information and pulverizing or incinerating tapes, disks and other such non-paper media. The End User acknowledges and agrees that the provision of the TransUnion Services may be dependent on the End User’s completion of a satisfactory security audit and questionnaire that demonstrates compliance with these Additional Terms.
5.2. The End User is responsible for: (i) any breaches to its Safeguards, including those emanating from its leased lines, modems or other communication devices; (ii) any failure by the End User to establish or maintain its Safeguards; (iii) any loss, theft or unauthorized access, disclosure, distribution, copying, modification, use or destruction of the Supplier Data and personal information; (iv) any unauthorized access to or use of any software, hardware or systems of GBG or TransUnion, including any authorized access or use of any account credentials or member codes; (v) any unauthorized entry to the facilities where the TransUnion Services may have been accessible; (vi) any unauthorized release of or access to the TransUnion Services by an employee, agent, contractor or subcontractor of the End User resulting from a breach of its Safeguards or otherwise; or (vii) any unauthorized access to or use of the TransUnion Services (each, a “Breach”).
5.3. In the event of a Breach affecting TransUnion Personal Information, the End User shall immediately (but in no event later than twenty-four (24) hours of becoming aware of a confirmed Breach affecting TransUnion Personal Information) notify GBG or TransUnion by phone and in writing with the following information: a description of the Breach (and, if known, the cause), and if known, the date on (or the period during which) the Breach occurred, details of the Supplier Data and personal information impacted by the Breach, details of consumer impact, including the number of impacted consumers, a description of the steps taken to contain, mitigate and recover from the Breach, and any other information reasonably required by GBG or TransUnion in connection with such Breach.
5.4. The End User shall fully cooperate with TransUnion and GBG in mitigating any damages due to any Breach. Such cooperation shall include, but not necessarily be limited to, allowing TransUnion and/or GBG to participate in the investigation of the cause and extent of such Breach. Such cooperation shall not relieve the End User of any liability it may have as a result of such Breach.
5.5. TransUnion or GBG reserve the right to suspend or terminate the End User’s access to all or part of the TransUnion Services if the End User fails to comply with its obligations in this clause or TransUnion or GBG reasonably suspect that the End User is experiencing or has experienced a Breach. In addition, TransUnion or GBG may require the End User to modify its account credentials, undergo a security assessment or agree to additional security controls in order to regain access to the TransUnion Services, in their sole discretion. Upon request by TransUnion or GBG, the End User shall provide a certificate signed by the End User’s forensic auditor or Chief Information Officer (or equivalent) to confirm that the Breach has been fully remediated and that there is no further risk to the Supplier Data and personal information.
5.6. The End User shall ensure that all of its employees, agents, contractor and subcontractors comply with the requirements set out in this clause and other obligations of the End User in the Agreement.

6. AUDIT AND INVESTIGATIONS
6.1. The End User shall cooperate with GBG and/or TransUnion with regards to any investigation launched as a result of a consumer complaint or any other investigation necessary to ensure compliance with these Additional Terms and applicable laws. The End User shall re-verify disputed information and inquiries upon GBG and/or TransUnion’s request and confirm such disputed items to GBG and/or TransUnion within five (5) Business Days.
6.2. The End User understands and agrees that a failure to do so may result in the disputed information being deleted by TransUnion as “unverifiable”. Furthermore, during the term of the Agreement and for a period of three (3) years thereafter, GBG and/or TransUnion may audit the End User’s policies, procedures and records to ensure compliance with these Additional Terms, including compliance with applicable laws, upon reasonable notice and during normal business hours.

7. CONFIDENTIAL INFORMATION AND OWNERSHIP
7.1. The End User agrees that it will receive TransUnion Confidential Information, and such TransUnion Confidential Information will be held in strict confidence by the End User and shall be disclosed only (i) upon demand to governmental regulatory agencies; or (ii) as required by law. The End User shall protect any such TransUnion Confidential Information with at least the same degree of care it uses to protect its own information of a similar nature (although not less than a reasonable degree of care) or as required under applicable laws.
7.2. The End User agrees that it is not a breach of the confidentiality obligations under the Agreement for TransUnion to disclose to any third party any information furnished to TransUnion, including the End User Data, in the ordinary course of its credit reporting business for incorporation into TransUnion’s database(s) or an inquiry of or an inquiry posted to TransUnion’s database(s) pursuant to applicable law.
7.3. The End User agrees that the TransUnion Services provided hereunder are confidential and proprietary to TransUnion and except as explicitly set forth herein, and subject to the licenses granted to the End User hereunder, the entire right, title and interest in and to the TransUnion Services and all copyrights, patents, trade secrets, trademarks, trade names, and all other intellectual property rights associated with any and all ideas, concepts, techniques, inventions, processes, or works of authorship including, but not limited to, all materials in written or other tangible form developed or created by TransUnion in its performance of the TransUnion Services, shall at all times vest exclusively in TransUnion.
7.4. TransUnion reserves all rights not explicitly granted to the End User hereunder. The End User shall not attempt, directly or indirectly, to reverse engineer, decompile, or disassemble the TransUnion Services or any confidential or proprietary criteria developed or used by TransUnion relating to the TransUnion Services provided hereunder.
7.5. Subject to the End User’s compliance with these Additional Terms, GBG grants to the End User, on behalf of TransUnion: (a) a worldwide, paid-up, non-transferable, revocable and non-exclusive license to all TransUnion Services provided hereunder for use by the End User, within the End User’s internal business operations; and (b) a worldwide, paid-up, limited, revocable and non-exclusive license to use any and all TransUnion-owned intellectual property rights that are integrated into such TransUnion Services to the extent necessary for the End User to exercise, unencumbered, its rights set forth herein. Such licenses shall not be deemed to include sublicensing rights or any rights to third party works including, but not limited to, any TransUnion subcontractor intellectual property rights, unless TransUnion explicitly otherwise grants such rights to the End User in writing.

8. WARRANTY
8.1. The End User recognizes that the TransUnion Services furnished to the End User are based upon data obtained from sources considered to be reliable. However, due to the possibilities of errors inherent in the procurement and compilation of statistical data involving a large number of individuals, the accuracy, reliability or completeness of the information provided as part of the TransUnion Services is not warranted and the TransUnion Services are provided “AS IS” and the End User shall use the TransUnion Services at its own risk. TransUnion does not guarantee the accuracy, completeness or reliability of the TransUnion Services, and a fraud message, a match, or lack of a match, is not intended, in itself, to guarantee reliability. In addition, TransUnion and GBG make no representations or warranties that the use of the TransUnion Services or any particular configuration of such TransUnion Services requested by the End User will enable the End User to meet its compliance obligations. OTHER THAN AS SET FORTH IN THIS CLAUSE, TRANSUNION AND GBG MAKE NO OTHER WARRANTIES AND HEREBY DISCLAIM ALL OTHER WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER STATUTORY, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES OR CONDITIONS AS TO QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE TRANSUNION SERVICES WILL BE OF MERCHANTABLE QUALITY. FURTHERMORE, TRANSUNION AND GBG’S SOLE LIABILITY, AND THE END USER’S SOLE REMEDY, FOR BREACH OF THIS WARRANTY SHALL BE THE CORRECTION OF ANY DEFECTIVE TRANSUNION SERVICE (PROVIDED THAT, TRANSUNION AND/OR GBG RECEIVES A WRITTEN NOTICE WITH A REASONABLY DETAILED DESCRIPTION OF THE DEFECT WITHIN TEN (10) DAYS AFTER THE PERFORMANCE OF THE SERVICE) AND/OR THE REFUND OF FEES PAID FOR SAME AT TRANSUNION OR GBG’S DISCRETION. THE END USER ACKNOWLEDGES AND AGREES THAT THESE ADDITIONAL TERMS SHALL NOT GIVE RISE TO ANY THIRD-PARTY RIGHTS AGAINST TRANSUNION’S DATA SUPPLIERS AND/OR LICENSORS AND THAT, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL RIGHTS AND OBLIGATIONS UNDER THESE ADDITIONAL TERMS AND ANY LIABILITY RESULTING THEREFROM ARE SOLELY BETWEEN THE PARTIES HERETO.

9. INDEMNITY
9.1. The End User shall indemnify and hold harmless TransUnion and its directors, officers, employees, representatives and agents from any and all claims, losses, liabilities or damages, including consequential damages, and costs (including reasonable attorney’s fees) arising directly or indirectly from, but not limited to: (i) the failure or alleged failure of the End User to perform any of its obligations described in these Additional Terms, and the failure by the End User to comply with any provision of these Additional Terms including but not limited to, any breach which results in the non-permissible use of the TransUnion Services provided hereunder; (ii) the negligence or intentional wrongful conduct of the End User, and/or its directors, officers, employees, agents, contractor or subcontractors; (iii) the use or misuse of the TransUnion Services by the End User; (iv) a violation by the End User of any applicable laws, including but not limited to the failure of the End User to obtain and/or maintain in good standing any relevant Governmental Permits; (v) any claims by individuals relating to the use, retention or disclosure of personal Information, including any information included in the TransUnion Services; (vi) any claims arising out of actions or omissions of the End User, or its employees, agents, subcontractors; or (vii) any breach of confidentiality obligations or of any obligations related to the Safeguards.

10. LIABILITY
10.1. IN NO EVENT SHALL TRANSUNION BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES INCURRED BY THE END USER ARISING OUT OF THE PROVISION OF THE TRANSUNION SERVICES, INCLUDING BUT NOT LIMITED TO LOSS OF GOODWILL, LOSS OF DATA AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT, WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF TRANSUNION HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10.2. IN NO EVENT SHALL TRANSUNION’S TOTAL AGGREGATE LIABILITY TO THE END USER, OR ANY THIRD PARTY ARISING IN RESPECT OF THE TRANSUNION SERVICES UNDER THESE ADDITIONAL TERMS AND/OR IN RESPECT OF THE TRANSUNION SERVICES EXCEED THE TOTAL AMOUNT OF FEES PAID BY THE END USER FOR THE TRANSUNION SERVICES DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO A CLAIM FOR LIABILITY, WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT, WARRANTY, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE.
10.3. THESE LIMITATIONS SHALL SURVIVE AND APPLY NOTWITHSTANDING THE VALIDITY OF THE LIMITED REMEDIES PROVIDED HEREUNDER.
10.4. IN NO EVENT WILL TRANSUNION BE LIABLE FOR ANY DISPUTE THAT ARISES BETWEEN THE END USER AND GBG.

11. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
11.1. The End User warrants that:
a) it shall comply with all applicable Canadian, provincial and local laws, including the various provincial consumer reporting acts or equivalent, the Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) or equivalent provincial privacy acts, and any applicable regulations, judicial orders and/or orders of an administrative tribunal, as are now or may in the future become effective.
b) prior to use of the Dataset it has obtained the appropriate, active and informed consent from each individual consumer in accordance with applicable Canadian privacy law for the collection, disclosure and use of personal information about such consumer. The End User warrants that it will use such personal information only as permitted by such consent. The End User will permit GBG and/or TransUnion to review a copy of the End User’s consent form(s) and/or privacy policy, and will forward any revised consent form(s) and/or privacy policy for review by GBG and/or TransUnion within a reasonable period of time after their adoption. The End User agrees to make changes to such documents as GBG and/or TransUnion may request from time to time that are necessary, in the sole opinion of TransUnion, for TransUnion to lawfully provide the Dataset. Where the End User requests the TransUnion Services to be performed based on information obtained from a third party, the End User represents and warrants that it has obtained the agreement and/or consent of such third party for the intended use and that such use is consistent with any applicable law.
c) prior to the use of the Dataset it has obtained all Governmental Permits required to be obtained and that are necessary to carry on its business in each Canadian province and that each Governmental Permit is valid, subsisting and in good standing. The End User shall remain in good standing with all Governmental Authorities having jurisdiction or authority over or in respect of it and to obtain and maintain in good standing throughout the term all Governmental Permits necessary in connection with the operation of its business, including those required to be obtained and/or maintained pursuant to applicable law. The End User shall provide a copy of such Governmental Permits upon GBG or TransUnion’s request.
11.2. The Supplier Data used to provide you with this Dataset is hosted by the Data Supplier in Canada. In order to deliver this Dataset and the TransUnion Services, TransUnion shall act as Sub-processor of the End User Data (including any Personal Data supplied) for the sole purpose of delivering the Dataset and the TransUnion Services. The End User authorises GBG to appoint TransUnion as Sub-Processor for the purposes specified in this clause 11.2.
11.3. The End User acknowledges that this Dataset is only recommended for ID verification of Canadian data subjects. Whilst GBG confirms that the Data Supplier has passed privacy due diligence and that the Supplier Data used to provide this Dataset has been gathered lawfully by the Data Supplier in accordance with privacy laws in Canada, the Data Supplier may not adhere other privacy laws.
11.4. TransUnion is located in Ontario which is subject to PIPEDA therefore the Parties acknowledge that businesses within Ontario are deemed to offer an adequate level of data protection for Personal Data by the European Commission. On this basis, the Parties acknowledge that End User Data can be safely transferred to TransUnion for processing without further data export safeguards.

12. THIRD-PARTY BENEFICIARY
12.1. TransUnion is an intended third-party beneficiary of these Additional Terms.

13. TERMINATION
13.1. In the event of a breach by the End User of these Additional Terms, TransUnion shall have the right, without notice, to cause GBG to terminate the provision of the TransUnion Services to the End User.
13.2. Notwithstanding the other termination provisions in the Agreement, under the terms of GBG’s agreement with TransUnion the supply of this Dataset may be terminated at any time by GBG providing the End User with 90 days’ notice.