• Supplier hosts the Supplier Data
• Supplier receives and processes End User Data in its capacity as data controller
• The Supplier is based in the UK
• The Supplier is a Credit Reference Agency (“CRA”) therefore the End User must include a reference to Credit Reference Agency Information Notice (“CRAIN”) in its privacy policy

The Supplier Data that GBG uses to provide Bank Account Verification is supplied by GBG’s Supplier, Equifax Limited ("Equifax") GBG is obliged under the terms of its agreement with its Supplier to ensure that all End Users agree to comply with the licensing provisions set out below.

1. DEFINITIONS
1.1. In these Additional Terms the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“End User Data” means any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including where relevant any personal data.
“Permitted Purpose” means the purposes, restrictions and/or conditions for the use of the Dataset outlined by the Supplier as set out in clauses 2.3 to 2.6 below in addition to the Customer Use Case set out in the Agreement and at clause 2.1.

2. USE OF THE SUPPLIER DATA
2.1. The Supplier Data may only be used for the Customer Use Case detailed in this clause 2.1, provided that such Customer Use Case is selected on the End User’s Order Form and the End User complies with any use case restrictions set out in the Agreement or these Additional Terms:
• ID Verification – Fraud
• ID Verification - Regulatory
2.2. In addition to the Customer Use Case restrictions contained within clause 2.1 (including any conditions that apply to that Customer Use Case) clauses 2.3 -2.6 shall also apply
2.3. The End User is granted a non-exclusive licence to use the Supplier Data for the following purposes:
(a) assessing the risk of granting credit to consumers;
(b) detecting fraud in relation to the granting of credit to consumers;
(c) assisting in the prevention of money laundering;
(d) collecting debts and tracing customers who owe debts under consumer credit agreements;
(e) ID and age verification in respect of consumers;
(f) bank account validations;
(g) services which can reasonably de described as derivatives of the above permitted purpose descriptions such as, but not limited, developments of legislation relating to data protection and identify verification.
2.4. The End User must not refer to the Supplier Data as a credit or credit reference agency check.
2.5. The End User acknowledges and accepts that Equifax is a CRA and in utilising the services of a CRA, the End User is required by Equifax to include a link to the Credit Reference Agency Information Notice (commonly known as “CRAIN”) as set out below within their own fair processing notice or provide an off-line route to access information about CRAIN, such as printed copies The CRAIN notice link is as follows https://www.equifax.co.uk/crain.html.
2.6. The End User shall fully indemnify GBG against all liabilities, costs, expenses, damages and losses incurred by GBG as a result of the End User’s failure to incorporate the CRAIN notice within their fair processing policy.
2.7. The End User warrants that it will not use the Supplier Data for any reason outside of the Customer Use Case and the Permitted Purpose.

3. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
3.1. The Supplier Data used to provide you with this element of the Service is hosted by Equifax in the United Kingdom. In order to perform the Services, Equifax shall receive and process End User Data in its capacity as an independent data controller for the sole purpose of delivering this element of the Service.
3.2. Equifax is based in the United Kingdom. On this basis, End User Data is not transferred outside of the UK or EEA in order to provide End Users with access to this element of the Service.

4. TERMINATION
4.1. Notwithstanding the termination provisions between GBG and the End User in the General Terms, under the terms of GBG’s agreement with Equifax, the supply of the Supplier Data can be terminated at any time if such supply is no longer possible under the terms of the agreement that Equifax has in place with its own third party data suppliers.