• Supplier hosts the Supplier Data
• The Supplier receives and processes End User Data in its capacity as an independent controller
• End User Data includes personal data
• The Supplier is located in Germany
• The Supplier is based within the EEA

The Supplier Data used to provide the Germany Credit Dataset is provided by GBG’s Supplier (Creditreform Boniversum GmbH). GBG is obliged under the terms of its agreement with its Supplier to ensure that all End Users agree to comply with the following licencing provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“End User Data” means any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including where relevant any personal data.
“Permitted Purpose” means the purposes, restrictions and/or conditions for the use of the Dataset outlined by the Supplier as set out in clause 2.2 below, in addition to the Customer Use Case set out in the Agreement and at clause 2.1.

2. USE OF THE DATASET
2.1. This Dataset may only be used for the Customer Use Cases detailed below, provided that such Customer Use Case is selected on the End User's Order Form and the End User complies with any use case restrictions set out in the Agreement:
• ID Verification – Fraud
• ID Verification – Regulatory
2.2. In addition to the Customer Use Case restrictions contained within clause 2.1 (including any conditions that apply to that Customer Use Case) the Supplier requires the relevant individual is informed that their data will be transferred and stored with Creditrefrom Boniversum GmbH.
2.3. The End User warrants that it will not use this Dataset for any reason outside of the Customer Use Case and Permitted Purpose

3. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
3.1. The Supplier Data used to provide you with this Dataset is hosted by the Supplier in Germany. In order to deliver the Dataset, the Supplier shall receive and process End User Data in its capacity as an independent controller. In addition, the Supplier may retain copies of End User Data for audit and compliance purposes.
3.2. The End User acknowledges that the Supplier is obliged under relevant German data protection laws to send a letter of information to the respective individual when the individual is subject to a credit enquiry for the first time if the said individual has not been informed about personal data being transferred to the Supplier by other means.