The Supplier Data used to provide the 0406 Superbureau Dataset is provided by GBG’s Suppliers, Experian Ltd (“Experian”) and/or TransUnion International UK Limited (“TransUnion”) and/or and Equifax Ltd (“Equifax”) GBG is obliged under the terms of its agreement with its Suppliers to ensure that all End Users agree to comply with the following licensing provisions:

1. DEFINITIONS
1.1. In these Additional Terms the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“Applicable Laws” means all applicable laws, enactments, rules, regulations, orders, regulatory policies, regulatory permits and licences, and any mandatory instructions or requests of a regulator, in each case which are in force from time to time, including:
i. The Consumer Credit Acts 1974 and 2006;
ii. The Data Protection Act 2018;
iii. The Representation of the People (England and Wales) Regulations 2001;
iv. The Financial Services and Markets Act 2000 (Money Laundering Regulations 2001);
v. Rules made by the Steering Committee on Reciprocity; and
vi. The Guide to Credit Scoring 2000.
“End User Data” means any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including where relevant any personal data.
“Online Gambling” means gambling services accessed via remote communication whereby players (who are individuals who are potential or actual customers of the End User in connection with online gambling) register, deposit funds and bet and/or play games.
“Permitted Purpose” means the purposes, restrictions and/or conditions for the use of the Dataset outlined by the Suppliers as set out in clauses 2.3 to 2.14 below in addition to the Customer Use Case set out in the Agreement and at clause 2.1.
“TransUnion Information Group” means TransUnion Information Group Limited (registered in England and Wales under company number 4968328) and its subsidiaries from time to time, including TransUnion.

2. USE OF THE DATASET
2.1. This Dataset may only be used for the Customer Use Cases detailed below, provided that such Customer Use Case is selected on the End User's Order Form and the End User complies with any use case restrictions set out in the Agreement:
• ID Verification – Fraud
• ID Verification – Regulatory
2.2. In addition to the Customer Use Case restrictions contained within clause 2.1 (including any conditions that apply to that Customer Use Case) clauses 2.3-2.15 shall also apply.
2.3. The End User acknowledges and accepts that by using this Dataset, GBG will use one or all of the Suppliers to carry out Transactions as part of the Service.
2.4. Before using the Dataset to obtain information relating to a data subject that has applied to enter into an inbound financial transaction relationship with the End User, the End User shall notify the data subject that: (a) information which the data subject sends to the End User may be disclosed to the CRAs, which may keep a record of that information (this is known as a search footprint, which is left on the data subject’s credit file); (b) a search will be carried out with the Supplier(s) for the purposes of verifying their identity, (c) the relevant CRA(s) may disclose that information, and the fact that a search was made, to its/their other customers for the purposes of assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors and (d) the Suppliers may check the End User Data against any particulars on any database (public or otherwise) to which they have access in order to verify the data subject’s identity . Upon request the End User shall send GBG a copy, or transcript, of the notification it uses.
2.5. The End User acknowledges and accepts that Experian, TransUnion and Equifax are CRAs and in utilising the services of a CRA, the End User is required by Experian, TransUnion and Equifax to include a link to the Credit Reference Agency Information Notice (commonly known as “CRAIN”) as set out below within their own fair processing notice or provide an off-line route to access information about CRAIN, such as printed copies The CRAIN notice links are as follows: https://www.experian.co.uk/legal/crain/ for Experian, https://www.transunion.co.uk/legal/privacy-centre for TransUnion and https://www.equifax.co.uk/crain.html for Equifax.
2.6. To the extent that the End User is able to so, the End User grants the relevant Supplier(s) a perpetual, royalty free right to record the information referred to in clause 2.4 for the purposes referred to in clause 2.4(c).
2.7. The End User shall fully indemnify GBG against all liabilities, costs, expenses, damages and losses incurred by GBG as a result of the End User’s failure to incorporate the CRAIN notices, as set out in clause 2.5, within their fair processing notice.
2.8. GBG will notify the End User of the search type or types it is entitled to carry out when using the Dataset. The Suppliers may from time to time change the search types which the End User is entitled to carry out. GBG will notify the End User in writing of any such changes in reasonable time before the change becomes effective. The End User shall ensure that it understands which search type code are required to use for each kind of search the End User carry out using the Dataset and the End User shall ensure that it will use the correct search type code at all times when using the Dataset.
2.9. The End User shall not: (i) do anything which will render the Supplier Data inaccurate; (ii) in any way de-value the Supplier Data; or (iii) place itself, GBG or its Supplier in breach of any legislation, including the Applicable Data Protection Law. The End User shall comply at all times with the Applicable Laws.
2.10. The End User shall make the data subject aware that the search footprint retained by TransUnion, in respect of a search made using this Dataset, will read as having been made by GBG and the End User.
2.11. The End User shall only use the Dataset in respect of data subjects who are residents of the United Kingdom.
2.12. The End User shall procure that after the Supplier Data and/or Results has been used once for the Permitted Purpose, it will not be accessed thereafter other than for audit purposes.
2.13. Where the End User uses this Dataset in connection with Online Gambling, the End User may only use the Dataset for the Permitted Purpose and to comply with its legal and regulatory obligations in respect of its Online Gambling activities.
2.14. The End user will keep the Results confidential.
2.15. The End user shall at all times implement and maintain appropriate technical and organisational measures to protect the Results.
2.16. Notwithstanding the General Terms and/or Product Terms, the End User shall not assign, transfer or otherwise make over any part of the Agreement without the GBG’s prior written consent (such consent not to be unreasonably withheld or delayed).
2.17. The End User warrants that it will not use the Dataset for any reason outside of the Customer Use Case and the Permitted Purpose.

3. LIABILITY AND EXCLUSION OF WARRANTIES
3.1. Except as expressly provided in these Additional Terms, all representations, conditions and warranties (including any warranties or representations as to the suitability of the Result for any particular purpose) whether express or implied (by statute or otherwise) are hereby excluded by the Suppliers to the fullest extent permitted by law. The End User acknowledges that it is responsible for satisfying itself that the Results are suitable for any use (within the scope of the Permitted Purpose). The End User further acknowledges that given the nature of the service delivered by the Suppliers, GBG recommends that the End User does not use the Results as the sole basis for any business decision.
3.2. Notwithstanding any right that the End User has against GBG, where the Dataset used by the End User is provided by TransUnion, the End User shall not be entitled make a claim directly against TransUnion under any circumstances.
3.3. Where the Dataset used by the End User is provided by Equifax:
(a) In addition to any right that the End User has against GBG, the End User is also entitled make a claim directly against Equifax under these Additional Terms provided that it gives Equifax written notice of the claim within six (6) months of becoming aware of the circumstances giving rise to the claim or, if earlier, six (6) months from the time the End User ought reasonably to have become aware of such circumstances.
(b) Equifax entire liability in respect of any single cause of action arising out of or in connection with the Supplier Data or the Dataset (whether for breach of contract, negligence, under statute or otherwise) provided by Equifax shall be limited to fifty pounds (£50). The End User shall not be entitled to recover from Equifax and GBG in respect of the same loss.
(c) Nothing in these Additional Terms shall limit or exclude the Supplier’s liability for death, personal injury or fraud arising from its negligence.

4. DUE DILLIGENCE AND AUDIT
4.1. Prior to granting the End User access to the Dataset, the End User acknowledges that GBG must use reasonable endeavours to ensure that the End User has a legitimate reason to access this Dataset, and that the End User’s intended use or this Dataset complies with relevant laws and meets the minimum standards specified by the Suppliers.
4.2. The End User acknowledges and agrees that the access to the Dataset is dependent on it passing GBG’s review carried out in accordance with clause 4.1 and that it shall cooperate with GBG and provide all necessary information to enable GBG to comply with its obligations to its Suppliers.
4.3. Subject to the End User being given reasonable prior written notice, the End User shall permit GBG and its Suppliers to have reasonable access during the End User’s normal business hours to the End User’s relevant premises and relevant operations for the sole purpose of ensuring that the End User is complying with its obligations under the Agreement.

5. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
5.1. The Supplier Data used to provide the End User with this Dataset is hosted by Experian, TransUnion and Equifax (as the case may be), in the United Kingdom. In order to deliver the Dataset, Experian, TransUnion and Equifax (as the case may be) shall receive and process End User Data in their capacity as independent controllers. In addition, the Supplier(s) may retain copies of End User Data for audit and compliance purposes.
5.2. The Suppliers are based in the United Kingdom. The United Kingdom is deemed to offer an adequate level of data protection for personal data by the European Commission, therefore End User Data can be safely transferred to the Suppliers without further data export safeguards.
5.3. Notwithstanding clause 5.2, the Suppliers may, on an occasional and temporary basis, transfer End User Data outside of the EEA to third parties appointed as general suppliers of technology and services to the Suppliers in order to support and maintain the Suppliers’ service. In such circumstance, the Suppliers shall ensure that appropriate safeguards are in place with such third-party supplier.

6. TRANSUNION’S LICENCE RIGHTS
6.1. Where the Dataset used by the End User is provided by TransUnion, the End user allows GBG to grant to each of the TransUnion Information Group companies a non-exclusive, irrevocable, perpetual licence to copy, store, use and sub-license End User Data (including the electronic mail and internet protocol addresses that form part of End User Data, where applicable) to enable the TransUnion Information Group companies to provide services to their clients in which End User Data is used to assist with identity verification, prevention of fraud/money laundering, service delivery and process implementation only. For the avoidance of doubt, the electronic mail and internet protocol addresses that form part of End User Data (where applicable) will not be used to initiate contact with the End User for marketing purposes.
6.2. The End User warrants that (i) it has the right to license End User Data to TransUnion Information Group companies for the purposes of the Agreement; and (ii) the use of End User Data, pursuant to and in accordance with this Agreement, will not infringe the Intellectual Property Rights of any third party.
6.3. The End User warrants that it is responsible for complying with all necessary transparency and lawful requirements under Applicable Data Protection Law in order to enable End User Data (together with the related Supplier Data) to be used in the manner described in clauses 6.1 and 6.2 above.

7. TERMINATION
7.1. Notwithstanding the termination provisions between GBG and the End User in the General Terms, under the terms of GBG’s agreement with the Suppliers, the supply of this Dataset can be terminated at any time if such supply is no longer possible under the terms of the agreement that the Suppliers have in place with their own third-party data suppliers.
7.2. GBG may (at the request of any of the Suppliers) from time to time and on reasonable notice to the End User update, modify and change the Supplier Data, the delivery mechanism, and the Permitted Purpose, or end this element of the Agreement:
(a) to comply with the Applicable Law;
(b) if the End User or any member of its corporate group applies for or is granted the status of a Credit Reference Agency;
(c) to keep pace with changes to the Suppliers’ IT systems and usual means of data supply; and
(d) to accord with the Suppliers’ rights under the terms on which it receives any relevant data from third parties.