Section 13: Supplementary Terms for GBG Trust Alert Service

1.1 Where the Software is greenID with the GBG Trust Alert Service is taken, the terms of this section 13 shall apply.

1.2 The following definitions shall apply:

“Customer Data” has the same meaning given to it in the greenID licence agreement between us and you.

“Data Processing Agreement” or “DPA” means the data processing agreement (including its schedules) that sets out the privacy provisions that shall apply to all Order executed by the Parties which is available at https://www.gbgplc.com/en/legal-and-regulatory/data-processing-agreement/

“GBG Trust Alert Service” means a service that augments pseudonymised greenID transaction data with flags/alerts that indicate if potential fraud may have been detected through analysis of data collected by the GBG Trust Alert Service.

“GBG Trust Alert Service Subscribers” means a collective group of customers common to GBG that have agreed to use the GBG Trust Alert Service.

“De-identify” means information that is no longer about an identifiable individual or an individual who is reasonably identifiable.

“Pseudonymise” means the processing of personal information in such a manner that the personal information can no longer be attributed to a specific data subject without the use of additional information.

“Verification Subject” means an individual that You and/or other GBG Trust Alert Service subscribers have considered for verification and subsequently provided to greenID for identity verification purposes.

1.3 The GBG Trust Alert Service is processed in Australia.

1.4 Where the GBG Trust Alert Service has been taken, you will receive notification where a Verification Subject may have had potential fraud identified via the GBG Trust Alert Service.

1.5 The GBG Trust Alert Service will use De-identified and pseudonymised information (compiled with other information obtained from other GBG Trust Alert Service Subscribers) to attempt to detect potential fraud in accordance with the terms of use of this GBG Trust Alert Service.

1.6 Where the GBG Trust Alert Service is taken in conjunction with greenID, you:

(a) confirm that you have provided notification to individuals that their information will be used for both identity verification and fraud detection purposes and obtained their consent to do so;
(b) confirm that your collection statement meets all of the requirements of the Privacy Act 1988, including advising individuals of Our role in processing their data. Where any personal data is processed by GBG, it is done so in accordance with our Data Processing Agreement; and
(c) Agree to the disclosure of De-identified and pseudonymized information obtained for the limited purpose of delivery of the GBG Trust Alert Service to You and other GBG Trust Alert Service Subscribers.

1.7 In addition to your existing greenID service provided to You, You acknowledge that, in taking the GBG Trust Alert Service, You will provide Personal Information to Us (via greenID) that We will De-identify by way of pseudonymisation and, at our election, retain in accordance with the provision of the GBG Trust Alert Service, and share with GBG Trust Alert Service Subscribers.

1.8 Both parties agree that upon Pseudonymisation of the relevant Personal Information contained in any record created in connection with the GBG Trust Alert Service, the provisions set out in the Privacy Act 1988 will no longer apply.

1.9 Without limiting Supplier’s obligations under the Agreement, we agree that upon your written request, we must carry out the following actions (and must procure that our sub-contractors and employees do so also):

(a) promptly return to you all or any specified part of the Customer Data and all physical and written records containing that Customer Data;
(b) if requested by you, destroy or delete all or any specified part of Customer Data in a manner specified by you (acting reasonably) and promptly certify to you that this has been done. If no request by you is made, the Customer Data is deleted after two years from the date of the completed verification record in greenID.