• Supplier hosts the Supplier Data
• Supplier is a Sub-processor of Client Information
• Client Information includes Personal Data
• The Sub-processor is located outside of the EEA
• Where GDPR applies to the Client, the Client must rely on a derogation to transfer Client Information to the Sub-processor based outside of the EEA in accordance with Article 49 GDPR.

The Supplier Data that GBG uses to provide Email Validation is supplied by GBG's Data Supplier. GBG is obliged under the terms of its agreement with its Data Supplier to ensure that all End Users agree to comply with the following provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms:
“Contact Data” means any combination of email address, postal address, phone number, IP address, and/or name.

USE OF THE SERVICE
2.1 The End User must not under any circumstances use the Supplier Data for the purpose of:

(a) Transmitting or posting chain letters or pyramid schemes or other acts that involve deceptive online marketing practices or fraud;
(b) Acts that may materially and adversely affect the quality of experience of other users of the Supplier Data;
(c) Actual or attempted unauthorised use or sabotage of any computers, machines or networks;
(d) Introducing malicious programs in to the Supplier Data or the Data Supplier’s network or servers (e.g. viruses, Trojan horses, etc.);
(e) Engaging in any monitoring or interception of data not intended for the End User without authorisation;
(f) Attempting to circumvent authentication or security of any host, network, or account without authorisation;
(g) Adapting, modifying or creating derivative works based on the Supplier Data, technology underlying the Supplier Data, or other users’ content, in whole or in part;
(h) Duplicate, license, sublicense, publish, broadcast, transmit, distribute, perform, display, sell, rebrand, or otherwise transfer information found on the Supplier Data (excluding content posted by the End User) except as expressly permitted otherwise;
(i) Using any method, software or program designed to collect identity information authentication credentials, or other information;
(j) Transmitting or receiving, uploading, using or reusing material that is abusive, indecent defamatory harassing, obscene or menacing, or a breach of confidence, privacy or similar third party rights;
(k) Transmitting or receiving, uploading, using or reusing material that violates any intellectual property rights of any third party, including, without limitation, patents, trademarks, trade secrets and copyrights;
(l) Transmitting, receiving, uploading, using or reusing material that the End User does not have a right to transmit under and law or contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
(m) Transmitting, receiving, uploading, using or reusing material that the End User or users the End User represents, have not collected directly from live web forms or other opt-in collection mechanisms directly related to the End User or it’s users’ businesses;
(n) Falsifying user identification information;
(o) Using the Supplier Data for anything other than lawful purposes including, but not limited to, intentionally or unintentionally violating any applicable local, state or national or international law;
(p) Impersonating any person or entity, including, but not limited to a representative of the Data Supplier, or falsely stating or otherwise misrepresenting the End User’s affiliation with a person or entity.

3.END USER OBLIGATIONS
3.1. The Supplier Data may not be downloaded, or otherwise exported or re-exported into, or to anyone on the U.S. Treasury Department’s list of Specially Designated Nations or the U.S. Commerce Department’s Table of Denial orders or a country under embargo with the U.S.

4.DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
4.1 The Supplier Data used to provide this element of the Service is hosted by the Data Supplier. In order to perform the Service, the Data Supplier shall act as Sub-processor of the End User Data (including any Personal Data supplied) [for the sole purpose of delivering this element of the Service. The End User authorises GBG to appoint the Data Supplier as Sub-Processor for the purposes specified in this clause 4.

4.2 The Data Supplier is based in the USA which is located outside of the EEA. The USA is deemed to offer an adequate level of data protection for Personal Data by the European Commission, therefore the Parties acknowledge that Personal Data can be safely transferred to the Data Supplier for sub-processing without further data export safeguards.  

5.WARRANTIES
5.1. The End User warrants that all Contact Data sent to the Data Supplier has been legally obtained and that its use is not in violation of any laws, rules, regulations legislation or directives governing such Contact Data, including without limitation any data protection laws pertaining to the End User’s country.
5.2. In the event that the End User provides access to its Contact Data in file stored with a third party source, the End User warrants that it has all legal rights and authority to grant the Data Supplier access to such files in order to download and process that Client Data using the Supplier Data and that it will have carried out a risk assessment as to the security of the Contact Data as stored by such third party so as to ensure the End User’s compliance with any relevant local Data Protection laws pertaining to the End User’s country including an independent risk assessment into whether the transfer of the Contact Data provides an adequate level of protection for the rights of the data subjects; and where appropriate put in place adequate safeguards to protect the rights of data subjects.