The Supplier Data used to provide the US Identity SSN Push Dataset is provided by GBG’s Supplier, LexisNexis Risk Solutions FL, Inc. GBG is obliged under the terms of its agreement with its Supplier to ensure that all End Users agree to comply with the following licencing provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
“End User Data” any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including where relevant any Personal Data.
“Permitted Purpose” means the purposes, restrictions and/or conditions for the use of the Dataset outlined by the Supplier as set out in these Additional Terms below in addition to the Customer Use Case set out in the Agreement.

2. USE OF THE DATASET
2.1. The End User shall not use the Dataset for marketing purposes or resell or broker the Dataset to any third party and shall not use the Dataset for personal (non-business) purposes. The End User shall not use the Dataset to provide data processing services to third-parties or evaluate the data of or for third-parties.
2.2. Some of the information contained in the Dataset is “nonpublic personal information” as defined in the Gramm-Leach-Bliley Act (15 U.S.C. § 6801, et seq.) and related state laws, (collectively, the “GLBA”), and is regulated by the GLBA (“GLBA Data”). The End User shall not obtain and/or use GLBA Data through the Dataset, in any manner that would violate the GLBA, or any similar state or local laws, regulations and rules. The End User acknowledges and agrees that it may be required to certify its permissible use of GLBA Data falling within an exception set forth in the GLBA at the time it requests information in connection with the Dataset and will recertify upon request by GBG. The End User certifies with respect to GLBA Data received through the Dataset that it complies with the Interagency Standards for Safeguarding Customer Information issued pursuant to the GLBA.
2.3. Some of the information contained in the Dataset is “personal information,” as defined in the Drivers Privacy Protection Act (18 U.S.C. § 2721, et seq.) and related state laws, (collectively, the “DPPA”), and is regulated by the DPPA (“DPPA Data”). The End User shall not obtain and/or use DPPA Data through the Dataset in any manner that would violate the DPPA. The End User acknowledges and agrees that it may be required to certify its permissible use of DPPA Data at the time it requests information in connection with certain Dataset and will recertify upon request by GBG.
2.4. For uses of GLBA Data and DPPA Data as described in clause 2.2 and 2.3 above, the End User shall maintain for a period of five (5) years a complete and accurate record (including consumer identity, purpose and, if applicable, consumer authorization) pertaining to every access to such Data.
2.5. GBG may, in its sole discretion, and subject to obligations imposed by the Supplier, permit the End User to access full social security numbers (nine (9) digits) and driver’s license numbers (collectively, “QA Data”). If the End User is authorized by GBG to receive QA Data, and the End User obtains QA Data through the Dataset, the End User certifies it will not use the QA Data for any purpose other than as expressly authorized by GBG (e.g. in accordance with the information provided by the End User during the due diligence process required prior to the use of the Dataset), the terms and conditions herein, and applicable laws and regulations. In addition to the restrictions on distribution otherwise set forth below, the End User agrees that it will not permit QA Data obtained through the Dataset to be used by an employee or contractor that is not an authorized user using the Dataset for the Permitted Purpose. The End User agrees it will certify, in writing, its uses for QA Data and recertify upon request by GBG. The End User may not, to the extent permitted by the terms of the Agreement, transfer QA Data via email or ftp without GBG’s prior written consent. However, the End User shall be permitted to transfer such information so long as: 1) a secured method (for example, sftp) is used, 2) transfer is not to any third-party, and 3) such transfer is limited to such use as permitted under this Agreement. GBG may at any time and for any or no reason cease to provide or limit the provision of QA Data to the End User.
2.6. Any Dataset provided pursuant to this Agreement is not provided by “consumer reporting agencies,” as that term is defined in the Fair Credit Reporting Act, (15 U.S.C. §1681, et seq.), (the “FCRA”), and does not constitute “consumer reports” as that term is defined in the FCRA. Accordingly, the Dataset may not be used in whole or in part as a factor in determining eligibility for credit, insurance, employment or another purpose in connection with which a consumer report may be used under the FCRA. Further, the End User certifies that it will not use any of the information it receives through the Dataset to determine, in whole or in part an individual’s eligibility for any of the following products, services or transactions: (1) credit or insurance to be used primarily for personal, family or household purposes; (2) employment purposes; (3) a license or other benefit granted by a government agency; or (4) any other product, service or transaction in connection with which a consumer report may be used under the FCRA or any similar state statute, including without limitation apartment rental, check-cashing, or the opening of a deposit or transaction account. By way of clarification, without limiting the foregoing, the End User may use, except as otherwise prohibited or limited by this Agreement, information received through the Dataset for the following purposes: (1) to verify or authenticate an individual’s identity; or (2) to prevent or detect fraud or other unlawful activity.
2.7. If the End User is a health plan, a health care clearinghouse, or a health care provider that transmits health information electronically under the Health Insurance Portability and Accountability Act of 1996, the End User represents and warrants that it will not provide GBG with any Protected Health Information (as that term is defined in 45 C.F.R. Sec. 160.103) or with Electronic Health Records or Patient Health Records (as those terms are defined in 42 U.S.C. Sec. 17921(5), and 42 U.S.C. Sec. 17921(11), respectively) or with information from such records without the execution of a separate agreement between the parties.
2.8. The End User warrants that it will not use this Dataset for any reason outside of the Permitted Purpose.

3. DUE DILIGENCE
3.1. Prior to granting the End User access to this Dataset, GBG must carry out a comprehensive membership review of the End User to determine whether the End Users are appropriately verified and credentialed.
3.2. The End User acknowledges and agrees that access to this Dataset is dependent on the completion of a satisfactory questionnaire that demonstrates compliance with these terms in accordance with clause 3.1.

4. SECURITY
4.1. In addition to the security provisions set out in the Agreement, the End User agrees to implement and maintain administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of the Datasets, in accordance with the requirements of the GLBA Safeguards Rule (16 C.F.R. Part 314).