• The Supplier’s supplier hosts the Supplier Data
• The Supplier and the Supplier’s supplier receive and process the End User Data
• The End User Data includes personal data
• The Supplier processes the End User Data in the EEA
• The Supplier’s supplier processes the End User Data in the United States of America
• The Supplier’s supplier is based outside of the EEA and the United Kingdom
• The Supplier has an arrangement in place with the Supplier’s supplier to maintain appropriate safeguards

The Supplier Data used to provide 0510 US Mobile Identity and 0516 US Mobile Fraud Signals Datasets is supplied by the Supplier. GBG is obliged under the terms of its agreement with its Supplier to ensure that all End Users agree to comply with the following licencing provisions. These Additional Terms apply to 0510 US Mobile Identity and 0516 US Mobile Fraud Signals Datasets. Individual 0510 US Mobile Identity and 0516 US Mobile Fraud Signals Datasets can be identified by the ID number listed on the End User’s Order Form.

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“End User Data” means any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including where relevant any personal data.
"Standard Contractual Clauses" means: (i) where the EU GDPR applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council ("EU SCCs"); and (ii) where the UK GDPR applies, standard data protection clauses in the form of the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses adopted pursuant to or permitted under Article 46 of the UK GDPR ("UK SCCs").

2. USE OF THE DATASET
2.1. This Dataset may only be used for the Customer Use Cases detailed below, provided that such Customer Use Case is selected on the End User's Order Form and the End User complies with any use case restrictions set out in the Agreement:
• ID Verification – Fraud
• ID Verification – Regulatory
2.2. The End User warrants that it will not use this Dataset for any reason outside of the Customer Use Case and the Permitted Purpose.

3. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
3.1. The Supplier Data used to provide you with this Dataset is hosted by the Supplier’s supplier.
3.2. In order to deliver the Dataset, the Supplier shall receive and process the End User Data in its capacity as an independent controller.
3.3. The Supplier processes the End User Data in the EEA. The EEA is deemed to offer an adequate level of data protection for personal data by the United Kingdom, therefore the End User Data can be safely transferred to the Supplier without further data export safeguards.
3.4. The Supplier’s supplier processes the End User Data in the United States of America.
3.5. The Supplier has entered into the Standard Contractual Clauses with the Supplier’s supplier to ensure safe onward transit of the End User Data.