• Supplier hosts the Supplier Data
• Supplier receives and processes End User Data in its capacity as an independent controller
• End User Data includes personal data
• The Supplier is based in the UK
• The United Kingdom is deemed to offer an adequate level of data protection by the European Commission
• The Supplier is a Credit Reference Agency (“CRA”) therefore the End User must include a reference to Credit Reference Agency Information Notice (“CRAIN”) in its fair processing notice

The Supplier Data used to provide UK Credit Reference Bureau (Advanced) is supplied by GBG’s Supplier, TransUnion International UK Limited (“TransUnion”). GBG is obliged under the terms of its agreement with its Supplier to ensure that all End Users agree to comply with the following licencing provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“End User Data” means any data provided by the End User to GBG and TransUnion for processing, including where relevant any personal data, in accordance with these Additional Terms and any relevant terms within the Agreement.
“Permitted Purpose” means the purposes, restrictions and/or conditions for the use of the Dataset outlined by TransUnion as set out in clauses 2.3 to 2.13 below, in addition to the Customer Use Case set out in the Agreement and at clause 2.1.
“TransUnion Information Group” means TransUnion Information Group Limited (registered in England and Wales under company number 4968328) and its subsidiaries from time to time, including TransUnion.

2. USE OF THE DATASET
2.1. This Dataset may only be used for the Customer Use Cases detailed below, provided that such Customer Use Case is selected on the End User's Order Form and the End User complies with any use case restrictions set out in the Agreement:
• ID Verification – Fraud
• ID Verification – Regulatory
2.2. In addition to the Customer Use Case restrictions contained within clause 2.1 (including any conditions that apply to that Customer Use Case) clauses 2.3 - 2.13 shall also apply.
2.3. The End User shall not: (i) do anything which will render the Supplier Data inaccurate; (ii) in any way de-value the Supplier Data; or (iii) place itself, GBG or TransUnion in breach of any legislation, including the Applicable Data Protection Law.
2.4. The End User acknowledges and accepts that TransUnion is a credit reference agency (CRA) and in utilising the services of a CRA, the End User is required by TransUnion to include a link to the Credit Reference Agency Information Notice (commonly known as “CRAIN”) as set out below within their own fair processing notice. Prior to a search being carried out by an End User pursuant to the Services on a data subject who is the subject of such search where the data subject has applied to enter into an inbound financial transaction relationship with the End User, the End User shall (i) make the data subject aware that a search will be carried out; and (ii) shall present such data subjects with a link to the CRAIN as listed at the following hyperlink: https://www.transunion.co.uk/legal/privacy-centre
2.5. The End User shall fully indemnify GBG against all liabilities, costs, expenses, damages and losses incurred by GBG as a result of the End User’s failure to incorporate the CRAIN notice as set out in clause 2.4 above within their fair processing policy.
2.6. The End User shall make each data subject aware that a search footprint is retained by TransUnion in respect of a search made using this Dataset. Such search footprint will show that an identity verification/anti-money laundering check has been performed. For the avoidance of doubt, if the data subject contacts the End User to query the search, the End User shall inform the data subject of the identity of the relevant credit reference agency in order that the data subject can approach such credit reference agency to obtain a copy of their credit file.
2.7. The End user will keep the Results confidential.
2.8. The End user shall at all times implement and maintain appropriate technical and organisational measures to protect the Results.
2.9. The End User shall make the data subject aware that the search footprint retained by TransUnion, in respect of a search made using this Dataset, will read as having been made by GBG and the End User.
2.10. The End User shall procure that after the Supplier Data and/or Results has been used once for the Permitted Purpose, it will not be accessed thereafter other than for audit purposes.
2.11. Notwithstanding the General Terms and/or Product Terms, the End User shall not assign, transfer or otherwise make over any part of the Agreement without the GBG’s prior written consent (such consent not to be unreasonably withheld or delayed).
2.12. TransUnion makes no warranties or representations as to the suitability of the Result for any particular purpose. The End User acknowledges that it is responsible for satisfying itself that the Results are suitable for any use (within the scope of the Permitted Purpose). The End User further acknowledges that given the nature of the service delivered by TransUnion, GBG recommends that the End User does not use the Results as the sole basis for any business decision.
2.13. The End User shall only use the Dataset in respect of data subjects who are residents of the UK, Isle of Man or the Channel Islands.
2.14. The End User warrants that it will not use this Dataset for any reason outside of the Customer Use Case and Permitted Purpose.

3. LIABILITY
3.1. Notwithstanding any right that the End User has against GBG, the End User shall not be entitled make a claim directly against TransUnion under any circumstances.

4. DUE DILLIGENCE AND AUDIT
4.1. Prior to granting the End User access to the Dataset, the End User acknowledges that GBG must use reasonable endeavours to ensure that the End User has a legitimate reason to access this Dataset and that the End User’s intended use or this Dataset complies with relevant laws and meets the minimum standards specified by TransUnion.
4.2. The End User acknowledges and agrees that the access to the Dataset is dependent on it passing GBG’s review carried out in accordance with clause 4.1 and that it shall cooperate with GBG and provide all necessary information to enable GBG to comply with its obligations.
4.3. Subject to the End User being given reasonable prior written notice, the End User shall permit GBG and TransUnion to have reasonable access during the End User’s normal business hours to the End User’s relevant premises and relevant operations for the sole purpose of ensuring that the End User is complying with its obligations under the Agreement.

5. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
5.1. The Supplier Data used to provide the End User with the Dataset is hosted by TransUnion in the UK. In order to deliver the Dataset, TransUnion shall receive and process End User Data as an independent controller. In addition, TransUnion may retain copies of End User Data for audit and compliance purposes.
5.2. TransUnion is based in the United Kingdom. The United Kingdom is deemed to offer an adequate level of data protection for personal data by the European Commission, therefore End User Data can be safely transferred to TransUnion without further data export safeguards.

6. TRANSUNION’S LICENCE RIGHTS
6.1. The End user allows GBG to grant to each of the TransUnion Information Group companies a non-exclusive, irrevocable, perpetual licence to copy, store, use and sub-license End User Data (including the electronic mail and internet protocol addresses that form part of End User Data, where applicable) to enable the TransUnion Information Group companies to provide services to their clients in which End User Data is used to assist with identity verification, prevention of fraud/money laundering, service delivery and process implementation only. For the avoidance of doubt, the electronic mail and internet protocol addresses that form part of End User Data (where applicable) will not be used to initiate contact with the End User for marketing purposes.
6.2. The End User warrants that (i) it has the right to license End User Data to TransUnion Information Group companies for the purposes of the Agreement; and (ii) the use of End User Data, pursuant to and in accordance with this Agreement, will not infringe the Intellectual Property Rights of any third party.
6.3. The End User warrants that, in compliance with the applicable laws (including the Applicable Data Protection Law), all appropriate notices have been given and/or consents (including data subject consents) have been obtained to enable End User Data (together with the related Supplier Data) to be used in the manner described in clauses 6.1 and 6.2 above.