• Supplier hosts the Supplier Data
• Supplier receives and processes CIFAS End User Data in its capacity as controller
• GBG receives and processes CIFAS End User Data and Supplier Data in its capacity as a processor
• CIFAS End User Data includes personal data
• The Supplier is based in the United Kingdom
• The United Kingdom is deemed to offer an adequate level of data protection by the European Commission

The Supplier Data used to provide the CIFAS Fraud Check Dataset is supplied by CIFAS. GBG is obliged under the terms of its agreement with CIFAS to ensure that all End Users agree to comply with the following licencing provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“CIFAS End User Data” means any data provided by the End User to GBG and CIFAS for processing via the CIFAS Portal, including where relevant any personal data, in accordance with these Additional Terms and any relevant terms within the Agreement.
“CIFAS Handbook” means the principles, processes, rules, rights and obligations set out in the CIFAS Handbook.
“CIFAS Portal” means the library of web service operations that enables an agency to access Supplier Data for onward provision to Members;
“CIFAS Portal Search” means each individual search carried out through the CIFAS Portal;
“Member” means the company, person, organisation or public body that meets the qualifying CIFAS membership criteria and is authorised by CIFAS to access Supplier Data;
“Permitted Purpose” means the purposes, restrictions and/or conditions for the use of the Dataset outlined by the Supplier as set out in clauses 2.3 to 2.7 below, in addition to the Customer Use Case set out in the Agreement and at clause 2.1.
“Supplier Data” means (a) the information received from Members which is processed by CIFAS concerning identified and confirmed frauds (including staff frauds), which contains personal data linked to such frauds and is used for crime prevention and/or detection purposes and (b) the information received from potential victims seeking the protection of CIFAS;

2. USE OF THE DATASET
2.1. This Dataset may only be used for the Customer Use Cases detailed below, provided that such Customer Use Case is selected on the End User's Order Form and the End User complies with any use case restrictions set out in the Agreement:
• ID Verification – Fraud
• ID Verification – Regulatory
2.2. In addition to the Customer Use Case restrictions contained within clause 2.1 (including any conditions that apply to that Customer Use Case) the following terms set out in clauses 2.3-2.7 shall also apply.
2.3. The End User may only use this Dataset if it is a Member and in accordance with the CIFAS Articles of Association and the CIFAS Handbook together with these Additional Terms. The End User must provide GBG with its Member number prior to its use of this Dataset;
2.4. If the End User ceases to be a Member, then it must immediately communicate this to GBG and cease to use the Dataset.
2.5. The End User warrants that it will only use the Dataset from within the European Economic Area (EEA) or a country or territory that the European Commission has deemed to provide an adequate level of protection for personal data.
2.6. The End User will not:
(a) disclose the Supplier Data and/or Results to any third party
(b) carry out any research, analysis or profiling activity which involves the use of any element of the Supplier Data (including in aggregate form) or any Results derived from the use of the Dataset;
(c) pass files containing the Supplier Data and or Results to any third party (including sub-contractors) for further processing by that third party or its agents; and
(d) disclose Supplier Data and or Results to any individual requesting such disclosure under Applicable Data Protection Laws, but instead refer those individuals who are seeking specific subject access to Supplier Data to CIFAS.
2.7. The End User will promptly notify GBG if it becomes aware that any of the Supplier Data accessed through the CIFAS Portal is inaccurate or the integrity of any of the Supplier Data is compromised.
2.8. The End User warrants that it will not use the Dataset for any reason outside of the Customer Use Case and Permitted Purpose.

3. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
3.1. Notwithstanding the standard data protection provisions between GBG and the End User in the General Terms, the End User acknowledges and accepts that GBG shall act as a data processor in relation to CIFAS End User Data provided to GBG for this element of the Service, and the processing provisions set out in the relevant clauses of the Agreement shall apply.
3.2. Relationship of the Parties. The End User is the controller of CIFAS End User Data. The End User appoints GBG as a processor to process the CIFAS End User Data for the purposes of delivering the CIFAS Fraud Check Dataset to the End User.
3.3. The Supplier Data used to provide you with this Dataset is hosted by the Supplier in the United Kingdom. In order to deliver this Dataset, the Supplier shall receive and process CIFAS End User Data as an independent controller appointed by GBG in its capacity as a processor.
3.4. The United Kingdom is deemed to offer an adequate level of data protection for personal data by the European Commission, therefore the Parties acknowledge that CIFAS End User Data can be safely transferred to the Supplier for processing without further data export safeguards.

4. EXCLUSION OF WARRANTIES
4.1. The End User acknowledges and agrees that the Supplier Data is provided “as is”, “as available” and with all faults and is provided without any covenants, promises or guarantees as to accuracy, functionality, performance, merchantability, system integration, data accuracy or fitness for any purpose and CIFAS makes no representation that the provision of Supplier Data following a CIFAS Portal Search will result in any or all frauds being detected. Any conditions, terms or warranties as to the same implied or imposed by statue or common law are hereby excluded to the fullest extent permitted by law.