Web Services Agreement
GENERAL TERMS AND CONDITIONS

These General Terms shall apply to all use of the Service. Additional Terms may also apply depending on the specific Services purchased from GBG. These Additional Terms are attached to this Agreement as appendices and shall form part of the Agreement where selected.

The ID3global Electronic Identity Verification Service ("GBG|ID3global Service") that Creditsafe ("We/Us/Our") use to provide You with the identification and anti-money laundering service is supplied by GB Group plc ("GBG"). GBG has authorised Us to act as its authorised intermediary in relation to the GBG|ID3global Service which GBG provide to You. We are obliged under the terms of Our agreement with GBG to ensure that You agree to and comply with the provisions as laid out in the End User Terms and Conditions a copy of which is set out below. Accordingly, You acknowledge and agree to (i) a legal and binding agreement between You and GBG for the GBG|ID3global Service incorporating the terms of the End User Terms and Conditions and (ii) comply with its terms. Notwithstanding the terms of the End User Terms and Conditions, the parties agree that:

1. DEFINITIONS AND INTERPRETATION

1.1. In these General Terms the following definitions shall apply:

“Additional Terms” means the special terms and conditions relating to particular aspects of the Service as set out in the appendices to this Agreement which will apply if the Client has selected that aspect of the Service on the Order Form.

“Agreement” means the Additional Terms, these General Terms, and the relevant Order Form, which in the case of conflict rank in the order of precedence set out above.

“Business Day” means Monday to Friday (excluding public and bank holidays in England).

“Charges” means the charges set out in the Order Form during the Initial Period and thereafter shall mean Our standard pricing.

“Client” means the organisation, firm, company or public authority named on the Order Form that receives the Service provided by GBG.

“Client Information” means data and any other materials provided or otherwise made available to GBG by or on behalf of the Client. This may include Personal Data on individuals such as the Client’s employees and customers.

“Confidential Information” means any information relating to the business of the disclosing Party which is not publicly available including, but not limited to, (i) Client Information, information regarding the business, affairs, customers, clients, suppliers, operations, processes, product information, know-how, technical information, designs, trade secrets or software of the disclosing Party; (ii) any information, findings, data or analysis derived from Confidential Information including the Output Material; (iii) the existence and terms of this Agreement; and (iv) any other information which should otherwise be reasonably regarded as possessing a quality of confidence or as having commercial value in relation to the business of the disclosing Party.

“Contract Start Date” means the date specified as the contract start date on the Order Form.

“Data Subject” means a living individual about whom a Data Controller holds Personal Data. For the purposes of this agreement, this may include an individual whose details are provided to GBG by the Client as part of the Client Information.

“Event of Force Majeure” means any one or more acts, events, omissions or accidents beyond the reasonable control of a Party, including but not limited to: strikes, lock-outs or other industrial disputes (other than a Party’s own); failure of a utility service, or transport network or information technology or telecommunications service; act of God (including without limitation fire, flood, earthquake, storm or other natural disaster); war, threat of war, riot, civil commotion or terrorist attack; malicious damage (including without limitation the acts of hackers); epidemic; compliance with any law or governmental order, rule, regulation or direction; and/or default, non-performance or late performance of suppliers or sub-contractors.

“GBG” means GB Group plc of The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB registered in England No 2415211, including its authorised sub-contractors and agents.

“Group Company” means in relation to a Party, that Party, any subsidiary or holding company from time to time of the Party and any subsidiary from time to time of a holding company of that Party, as defined by s1159 of the Companies Act 2006, as amended from time to time.

“Helpdesk” means the helpdesk facility provided by GBG to handle enquiries and administration for the Service.

“Initial Period” means the period specified on the Order Form starting on the Contract Start Date.

“Intellectual Property Rights” means (i) patents, rights to inventions, rights in designs, trademarks and trade names, copyright and related rights, rights in goodwill, database rights and know-how, whether registered or not; (ii) all other intellectual property rights or forms of protection and similar or equivalent rights anywhere in the world (whether registered or not) which currently exist or are recognised in the future; and (iii) all applications, extensions and renewals to any such rights.</p> 

“Order Form” means the order form annexed to or relating to this Agreement as accepted by the Parties.

“Output Material” means all information provided to a Client by GBG including the results of any enquiry or search, reports, certificates or management information relating to the Client’s use of the Service.

“Party” means a party to this Agreement and “Parties” shall be construed accordingly. 

“Permitted User” means data which relates to a living individual who can be identified (i) from that data, or (ii) from that data and other GBG|ID3global – Web Services Agreement v2.0 (Creditsafe) information which is in the possession of, or is likely to come into the possession of, the Data Controller and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual.

“Prepayments” means the prepayments of the Charges to be made by the Client as indicated on the Order Form.

“Privacy and Data Protection Requirements” the Data Protection Act 1998, the Data Protection Directive (95/46/EC), the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and all applicable laws and regulations relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.

“Professional Services” means the professional services as indicated on the Order Form and provided in accordance with the terms of Schedule 2.

“Service” means the GBG|ID3global service, the Standard Support Services and the Professional Services as detailed in the Order Form together with any other ancillary services provided by GBG to the Client pursuant to this Agreement.

“Standard Support Services” means the standard support services as indicated on the Order Form and provided in accordance with the terms of Schedule 1

“System Administrator” means the individual(s) named as such on the Order Form or their replacement(s) as notified to GBG by the Client who will be familiar with the use of the Service and be the first point of contact for all Permitted Users of the Service.

“User Profile” means the specific configuration of the Service created for the Client as detailed on the Order Form.

1.2. The headings in this Agreement do not affect its interpretation.

1.3. References to clauses, sections and appendices are to clauses, sections and appendices of this Agreement.

1.4. Words in the singular include the plural and vice versa.

1.5 A reference to “writing” or “written” does not include electronic mail or facsimiles.

2. TERM OF THE AGREEMENT

2.1.This Agreement will start on the Contract Start Date and will continue for the Initial Period and thereafter until terminated in accordance with clause 7.3 or clause 11 of these General Terms.

3. PROVISION OF THE SERVICE

3.1. GBG will provide the Client with the Service detailed in the Order Form in accordance with the terms set out in this Agreement.

3.2. GBG will use reasonable endeavours to provide the Service in accordance with any timetable agreed with the Client. However, the Client acknowledges and accepts that any dates given by GBG are estimates only and that delivery of the Service will be dependent upon the Client’s timely cooperation with GBG as well as other factors outside of GBG’s reasonable control.

3.3. The Client acknowledges and accepts that occasionally GBG, in providing the Service, may be required to:

a. Tchange the technical specification of the Service for operational reasons, however, GBG will ensure that any change to the technical specification does not materially reduce or detrimentally impact the performance of the Service;
b. give the Client instructions which it reasonably believes are necessary for reasons of health, safety or the quality of any Service provided by GBG and the Client shall comply with such instructions; and

c. suspend the Service for operational reasons such as repair, maintenance or improvement or because of an emergency, in which case GBG will give the Client as much on-line, written or oral notice as possible and shall ensure that the Service is restored as soon as possible following suspension.

3.4. The Client shall be responsible for:
a. ensuring that it has a minimum of one System Administrator who is familiar with the use of the Service and can act as the first point of contact for all Permitted Users of the Service;
b. informing GBG of any changes to the Client’s System Administrator’s contact details without undue delay;
c. providing the telecommunications and network services and correctly configured hardware and other equipment needed to connect to the Service;
d. the configuration and management of access to the Service including configuration of the Client’s network, firewall, DNS, routers, personal computers and User Profile; and
e. obtaining GBG’s prior written consent to any integration of the Service into a website or call centre application which the Client may wish to undertake; and
f. any work required for any integration approved by GBG.

3.5. The Client must inform GBG, without undue delay, of any changes to the information which the Client supplied within the Order Form.

4. USE OF THE SERVICE

4.1. The Client shall comply with these General Terms and all relevant Additional Terms to this Agreement.

4.2. The Client must ensure that any software, equipment and materials which are used with the Service:
a. are connected and used in accordance with any instructions and security procedures specified by GBG or other relevant third party licensor;
b. are technically compatible with the Service and meet the minimum technical specifications detailed on the Order Form.

4.3. The Client shall only access the Service as permitted by GBG and shall not attempt at any time to circumvent system security or access the source software or compiled code.

4.4. The Service is provided solely for the Client’s own internal use. The Client must not resell or attempt to resell the Service (or any part or facility of it, including the Output Material) to any third party without first entering into an appropriate agreement signed by an authorised representative of GBG.

4.5. The Client must not use the Service for the purposes of verifying the identity of Data Subjects where the Client does not have the relevant permission or consent from the Data Subject in accordance with the Privacy and Data Protection Requirements.

4.6. The Service is protected by Intellectual Property Rights. The Client must not copy, store, adapt, modify, transmit or distribute the Service except to Permitted Users or permit anyone else to do the same.

4.7. The Client shall be responsible for the creation, maintenance and design of all Client Information.

4.8. The Client warrants that it shall comply with all apply legislation, instructions and guidelines issued by regulatory authorities, relevant licences and any other codes of practice which apply to the Client and its use of the Service including those which relate to the provision of Client Information.

4.9. The Client is responsible for the acts and omissions of all Permitted Users of the Service and is liable for any failure by a Permitted User to perform or observe the terms and conditions of this Agreement including without limitation to the provisions set out in the Additional Terms and any instructions issued under clauses 3.3(b) and 4.2.

4.10. If the Client uses the Service in contravention of this clause 4 then GBG shall be entitled to treat the contravention as a material breach of this Agreement which cannot be remedied for the purposes of paragraph 11.3(b).

5. Security

5.1. The Client is responsible for the security and proper use of all user identities (“User IDs”) and passwords used in connection with the Service (including changing passwords on a regular basis).  

5.2. The Client shall take all necessary steps to ensure that User IDs are kept confidential, secure, are used properly and are not disclosed to any unauthorised parties. For the avoidance of doubt, the Client will be responsible for all Charges for the Service where its User ID has been used to access the Service.

5.3. The Client must immediately inform GBG if there is any reason to believe that a User ID or password has or is likely to become known to someone not authorised to use it or is being or is likely to be used in an unauthorised way.

5.4. GBG reserves the right to suspend User ID and password access to the Service if at any time GBG reasonably considers that there is or is likely to be a breach of security or misuse of the Service and/or to require the Client to change any or all of the passwords used by the Client in connection with the Service.  .

6. Charges and Payment

6.1 The Client shall pay all Charges due under this Agreement within 28 days of the date of the invoice. The due date for all invoices issued by GBG shall be 28 days from the date of the invoices.

6.2. If specified in the Order Form that the Client is to pay the Charges in advance or by direct debit then such payments shall be made on or before the date specified in the Order Form.

6.3. Charges will be invoiced and paid in pounds sterling unless otherwise agreed in the Order Form. Where applicable, Value Added Tax (or any other applicable tax or charge in a country where the Service is provided) will be added to the Charges.

6.4. If the Client fails to pay any part of the Charges when due, it shall be liable to pay GBG interest on such part of the Charges from the due date for payment at an annual rate of 8% above the base lending rate of National Westminster Bank plc from time to time accruing at a daily rate until payment is made in full in accordance with the Late Payment of Commercial Debts (Interest) Act 1998.

6.5. In the event of late payment, if the Client undergoes a restructure or re-organisation, or if the Client has been affected by one of the circumstances listed in clause 11.3, on receipt of GBG’s reasonable request, the Client shall pay a deposit or provide a guarantee as security for payment of future invoices for the Service.

6.6. The Client shall make all payments due under this Agreement without any deduction whether by set-off, counterclaim, discount, abatement or otherwise.

6.7. If the Client breaches any term of this Agreement and the Client has received preferential pricing or payment terms under this Agreement, any preferential pricing or payment terms shall cease to apply immediately upon GBG’s notice to the Client. At GBG’s sole discretion, if the Client’s breach is capable of remedy, GBG may specify in the notice a time period within which the Client must remedy the breach to avoid the cessation of the preferential pricing or payment terms. In the event that any preferential pricing or payment terms cease to apply pursuant to this clause 6.7, GBG’s standard pricing and payment terms will apply in respect of the Client’s continued use of the Service and use throughout the entirety of the Initial Period (including the Client’s use of the Service prior to such cessation) and the Client shall account to GBG immediately upon written demand for any shortfall in the Charges paid by the Client.

6.8. If the Client has received preferential pricing or payment terms under this Agreement or if the standard pricing or payment terms that applied on the Contract Start Date have changed during the Initial Period then unless otherwise expressly agreed in writing between the Parties, GBG’s standard pricing and payment terms will prevail in respect of the Client’s continued use of the Service after the Initial Period.

6.9. After the expiry of the Initial Period GBG shall be entitled to increase the Charges by giving the Client not less than 30 days’ notice of the change. For the avoidance of doubt, GBG will not revise the Charges before the end of the Initial Period.

7. Intellectual Property Rights

7.1 The Client acknowledges that all Intellectual Property Rights in the Service and the Output Materials belong and shall continue to belong to GBG and/or GBG’s third party suppliers. GBG grants a nontransferable licence to the Client to use the Service and Output Material in accordance with the terms of this Agreement.  

7.2 GBG acknowledges all Intellectual Property Rights in the Client Information belong and shall continue to belong to the Client. The Client grants to GBG a non-transferable, non-exclusive, royalty free licence to use, disclose and copy the Customer Information to enable GBG to provide the Service and carry out its obligations under this Agreement.

7.3 If any third party makes or threatens to make a claim against GBG, the Client or one of GBG’s third party suppliers that the use of the Service and/or Output Material or part thereof infringes any third party’s Intellectual Property Rights, GBG shall be entitled to do one or more of the following:-

(a) suspend any part of the Service that is subject to the infringement claim made by the third party;
(b) modify the Service, or item provided as part of the Service, so as to avoid any alleged infringement, provided that the modification does not materially affect the performance of the Service;
(c) terminate the Agreement upon written notice to the Client and provide a refund to the Client of any Prepayment made by the Client which at the date of termination has not been and will not be credited against Charges due to GBG.

7.4. GBG will indemnify the Client against all liabilities, costs, expenses, damages and losses incurred by the Client as a direct result of any third party making or threatening to make a claim against the Client that the Client’s use of the Service and/or Output Material in accordance with the terms of this Agreement infringes that third party's Intellectual Property Rights (a “Claim”), provided that the Client:
a. notifies GBG promptly in writing of any Claim;
b. makes no admission or compromise relating to the Claim or otherwise prejudice GBG’s defence of such Claim;
c. allows GBG to conduct all negotiations and proceedings in relation to the Claim; and
d. gives GBG all reasonable assistance in doing so (GBG will pay the Client’s reasonable expenses for such assistance).

7.5. The indemnity in clause 7.4 does not apply to any Claim arising as a result of the use of the Service in conjunction with software, materials, equipment and/or services which GBG have not supplied pursuant to this Agreement or to Claims caused by designs or specifications made by the Client, or on the Client’s behalf.

7.6. The Client warrants that:
a. it will not use or exploit the Intellectual Property Rights in the Service or Output Material or permit others to use or exploit the Intellectual Property Rights in the Service or Output Material outside of the terms of the licence granted to the Client in clause 7.1 this Agreement;
b. all computers and/or IT systems which GBG are required to use, access or modify as part of the Professional Services are legally licensed to the Client or are the Client’s property and that such activities by GBG will not infringe the rights of any third party;
c. the use of the Service in conjunction with any software, equipment, materials and/or services (which are not supplied by GBG) will not infringe the rights of any third party;
d. GBG’s compliance with any designs or specifications provided by the Client, or on the Client’s behalf will not infringe the rights of any third party.

8. CONFIDENTIALITY AND PUBLICITY

8.1. Each Party undertakes that it shall not at any time disclose the other Party’s Confidential Information to any third party except as permitted by clauses 8.3, 8.4 and 8.5 or to the extent necessary for the proper performance of this Agreement.

8.2. Each Party warrants to the other that it shall apply the same security measures and degree of care to Confidential Information disclosed to it as it takes in protecting its own Confidential Information and in any event no less than that which a reasonable person or business would take in protecting its own Confidential Information.

8.3. Neither Party shall use the other Party's Confidential Information for any purpose other than to perform its obligations under this Agreement.

8.4. Each Party may disclose the other Party's Confidential Information:
a. to its or its Group Companies' employees, officers, representatives, advisers and third party suppliers who need to know such information to perform its obligations under this Agreement. Each Party shall ensure that its and its Group Companies' employees, officers, representatives, advisers and third party suppliers to whom it discloses the other Party's confidential information comply with this clause 8; and
b. as may be required by law, court order or any governmental or regulatory authority;

8.5. For the purposes of clause 8.1, Confidential Information shall not include information which:
a. is or becomes generally available to the public (other than through a breach of this Agreement);
b. is lawfully in the possession of the other Party before the disclosure under this Agreement took place;
c. is obtained from a third party who is free to disclose it; or
d. the Parties agree in writing is not confidential or may be disclosed.

8.6. Notwithstanding the terms of this clause 8, once the Order Form has been signed by both Parties, GBG may issue a press release (or if GBG wishes, another form of public communication) relating to the Parties’ entry into this Agreement.

9. DATA PROTECTION

9.1. Both Parties warrant that they will comply with their respective obligations under the Privacy and Data Protection Requirements.

9.2. The Parties acknowledge that for the purposes of this Agreement, the Client will be the Data Controller and GBG will be the Data Processor, as defined under the Data Protection Act 1998.

9.3. Where GBG processes Personal Data on the Client’s behalf, GBG acting as Data Processer will:

a. act on and comply with the Client’s instructions with regard to the processing of its Personal Data; and
b. take reasonable steps to ensure the reliability of all GBG’s employees who have access to the Client’s Personal Data; and
c. take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data; and
d. where an individual exercises his or her right under any laws in respect of Personal Data processed by GBG on the Client’s behalf or where the Client is required to deal or comply with any assessment, enquiry, notice or investigation by any regulatory or legal body, GBG will co-operate with the Client’s reasonable requests to enable it to comply with its legal obligations which arise as a result of the exercise of such rights or as a result of such assessment, enquiry, notice or investigation.

9.4. The Client acknowledges and agrees that it is responsible for:
a. obtaining the informed consent (permission) of any Data Subjects whose Personal Data is provided to GBG as part of the Client Information prior to use of the Service.
b. creating and maintaining an audit trail of all informed consents received from each individual Data Subject under clause 9.4(a) above.

9.5. The Client shall ensure that the consent provided by a Data Subject in accordance with clause 9.4(a) complies with Privacy and Data Protection Requirements and is sufficient to allow GBG to access, use, store, transfer and process the Data Subject’s Personal Data in accordance with the terms of this Agreement.

9.6. The consent wording must also include reference to the fact that, where appropriate and relevant for the provision of the Service, Personal Data will be transferred outside the European Economic Area ("EEA") in order to perform identity verification or checking and that those countries outside the EEA may not have protections in place for personal data as extensive as those within the EEA.

9.7. As the Client’s Data Processor (or otherwise) GBG relies on its Clients for direction as to the extent to which it is entitled to process any Personal Data provided to it by the Client. Consequently GBG will not be liable for any claim brought by an individual (whose Personal Data is provided to GBG by the Client) arising from the processing of Personal Data undertaken by GBG in accordance with instructions given to it by the Client or in the provision of the Service in accordance with the terms of this Agreement.

10. LIABILITY

10.1. Neither Party excludes or limits its liability for death or personal injury resulting from its negligence, fraudulent misrepresentation or any other type of liability that cannot by law be excluded or limited.

10.2. Neither Party excludes or limits its liability in respect of clauses 7 (Intellectual Property Rights), 8 (Confidentiality) and 9 (Data Protection) of this Agreement.

10.3. Subject to clauses 10.1 and 10.2, each Party’s aggregate liability to the other Party under or in connection with this Agreement, whether such liability arises in contract, tort (including, without limitation, negligence) misrepresentation or otherwise, shall be limited to either the Charges payable in the 12 month period preceding the breach or £5,000, whichever is the greater.

10.4. Subject to clauses 10.1 and 10.2, neither Party shall be liable for loss of profits, business or anticipated savings, loss or destruction of data, loss of use of data, loss of reputation, loss of goodwill, any special, indirect or consequential loss or damage.

10.5. Due to GBG’s reliance on third party data suppliers, and telecommunication services, over which GBG has no direct control, GBG cannot warrant:
a. the accuracy, suitability for purpose/requirements and/or uninterrupted availability of the Service or Output Materials;
b. that the use of the Service and/or the Output Materials will meet the Client's business requirements and the Client accepts that the Service was not designed or produced to its individual requirements and that it was responsible for its selection.

Consequently, the Client agrees that except as expressly set out in this Agreement, all warranties, conditions and other terms relating to the Service and this Agreement whether express or implied by law, custom or otherwise are, to the fullest extent permitted by law, excluded from this Agreement.

10.6. The Parties acknowledge that damages alone may not be an adequate remedy for a breach by the other Party of clauses 4 (Use of the Service), 7 (Intellectual Property Rights), 8 (Confidentiality) and 9 (Data Protection) of this Agreement. Accordingly, without prejudice to any other rights and remedies it may have, the injured Party shall be entitled to seek specific performance and/or injunctive or other equitable relief.

11. SUSPENSION AND TERMINATION

11.1. GBG may suspend all or part of the Service immediately and without notice in the event that the Client has committed a material breach of this Agreement or GBG acting reasonably suspects that the Client has committed a material breach of this Agreement.

11.2. Either Party may terminate this Agreement by giving at least 90 days' prior written notice to the other of such termination to take effect on the expiry of the Initial Period.

11.3. Either Party may terminate this Agreement (or, if GBG wish, part of it) on immediate notice in writing to the other if any of the following applies:
a. the other Party commits a material or persistent breach of this Agreement, which is capable of remedy, and it fails to remedy the breach within 10 Business Days of a written notice to do so. A breach shall be capable of remedy if the Party in breach can comply with the provision in question in all respects other than as to the time of performance;
b. the other Party commits a material or persistent breach of this Agreement which cannot be remedied;
c. any meeting of creditors of the other Party is held or any arrangement or composition with or for the benefit of its creditors (including any voluntary arrangement as defined in the Insolvency Act 1986) is proposed or entered into by or in relation to the other Party (other than for the purpose of a bona fide solvent re-construction, re-organisation or amalgamation);
d. the other Party ceases or threatens to cease carrying on business or is or becomes unable to pay its debts within the meaning of Section 123 of the Insolvency Act 1986;
e. a nominee, supervisor, receiver, administrator, administrative receiver or liquidator is appointed in respect of the other Party or any encumbrancer takes possession of, or any distress, lien, execution or other process is levied or enforced (and is not discharged within seven days) upon, the assets of the other Party;
f. an order is made for the bankruptcy or winding-up of the other Party or a resolution for its winding up is passed;
g. a notice of intention to appoint an administrator is filed with the court or served on any creditor of the other Party;
h. an application for an administration order is issued at court in respect of the other Party;
i. a meeting is convened for the purpose of considering a resolution for the winding up of the other Party or the making of an application for an administration order or the dissolution of the other Party; or
j. any event analogous to any of clauses 11.3 (c) to (i) above occurs in any jurisdiction.

11.4. When this Agreement terminates the Client will:
a. cease using the Service or in the case where access to a specific part of the Service has been terminated cease to use the specified part of the Service; and
b. promptly pay any outstanding and unpaid invoices due for the Service whether the invoice was submitted before or after the termination of this Agreement.

11.5. When this Agreement terminates the Parties will return or destroy (at the option and request of the disclosing Party) any Confidential Information belonging to the other Party in its possession or control.

11.6. The termination of this Agreement does not affect the accrued rights, remedies and obligations or liabilities of the Parties existing at termination. Nor shall it affect the continuation in force of any provision of this Agreement that is expressly or by implication intended to continue in force after termination.

11.7. If GBG terminates this Agreement during the Initial Period following a breach of this Agreement by the Client, the Client agrees to pay GBG the Charges due, if any, for the remaining part of the Initial Period in accordance with clause 11.4.

12. AUDIT RIGHTS

12.1. GBG is required by its third party data suppliers and regulatory bodies to include a right of audit in all of its Client Agreements. The following provisions of this clause 12 are to give effect to that requirement.

12.2. Upon reasonable prior written notice to the Client and upon reasonable grounds, GBG shall be entitled to conduct an on-site audit or to appoint a third party auditor to conduct an on-site audit of the Client's premises used in connection with the Service for the purposes of investigating the Client’s compliance with its obligations under this Agreement.

12.3. Audits shall not be carried out on more than one occasion per year of this Agreement unless GBG reasonably believes that the Client is in material breach of the Agreement or unless GBG is required to do so by any regulatory body with competent jurisdiction or one of GBG's third party suppliers engaged in connection with the Service. GBG or its auditor may be accompanied by representatives of any such regulatory body or third party supplier in respect of any such audit imposed on GBG.

12.4. All audits will be conducted in a manner that does not materially disrupt, delay or interfere with the Client's performance of its business and shall be carried out at the expense of GBG or its third party suppliers. Should the audit reveal a breach of the Agreement by the Client, the Client shall reimburse GBG or its third party suppliers for the full cost of the audit.

12.5. The Client shall provide GBG (or any regulatory body or third party supplier as relevant) with full access to its premises, employees, computers, IT systems and records as required for the purpose of any such audit.

12.6. Prior to undertaking an audit under this clause 12 GBG shall be entitled (but not obligated) to submit to the Client questions regarding the Client’s performance of its obligations under this Agreement. The Client shall respond to these questions within 14 days of receiving such request. The submission of questions under this clause 12.6 will not prejudice GBG’s audit rights under this clause.

13. DISPUTE RESOLUTION

13.1. If a dispute arises out of or in connection with this Agreement or the performance, validity or enforceability of it (a “Dispute”) then the Parties shall follow the procedure set out in this clause 13, specifically:
a. either Party shall give to the other written notice of the Dispute, setting out its nature and full particulars (a “Dispute Notice”), together with relevant supporting documents. On service of the Dispute Notice, authorised representatives of GBG and the Client shall attempt in good faith to resolve the Dispute;
b. if the authorised representatives of GBG and the Client are for any reason unable to resolve the Dispute within 10 Business Days of service of the Dispute Notice, the Dispute shall be escalated to senior officers of GBG and the Client who shall attempt in good faith to resolve the matter; and
c. if the senior officers of GBG and the Client are for any reason unable to resolve the Dispute within 30 Business Days of it being referred to them, the parties will attempt to settle it by way of mediation. Should the parties fail to reach a settlement within 25 Business Days from the date of engaging in such mediation, the Parties shall be entitled to refer the Dispute to the courts of England and Wales in accordance with clause 18.2 of this Agreement.

13.2. Notwithstanding clause 13.1 above, the Parties shall be entitled to seek injunctive or other equitable relief at any point should that Party deem it necessary to protect the legitimate business interests of that Party.

14. NON-SOLICITATION

14.1. Neither Party shall directly or indirectly (whether alone or in conjunction with or on behalf of any other person, business or organisation) solicit or entice away (or attempt to solicit or entice away) any person employed or engaged by the other Party or the other Party's Group Company in connection with this Agreement during the term of this Agreement or for a further period of 12 months after the termination of this Agreement other than by means of an advertising campaign open to all comers and not specifically targeted at any of the other Party’s or the other Party's Group Companies' staff.

14.2. If either Party breaches clause 14.1 it shall, on demand, pay to the other Party a sum equal to one year's basic salary or the annual fee that was payable by the other Party to that employee, worker or independent contractor plus the recruitment/sourcing costs incurred by the other Party in replacing such person. The Parties agree that this sum is proportionate to both Parties’ interests in enforcing the provisions of this clause 14.

15. EVENT OF FORCE MAJEURE

Neither Party shall be in breach of this Agreement nor liable for any delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from a Force Majeure Event. In such circumstances the affected Party shall be entitled to a reasonable extension of the time for performing such obligations. If the period of delay or non-performance continues for three consecutive months, the Party not affected may terminate this Agreement immediately by giving written notice to the affected Party.

16. NOTICES

16.1. Notices required to be given under this Agreement must be in writing and may be delivered by hand or by courier, or sent by first class post to the following addresses:
a. to GBG at its registered office address and marked for the attention of the Company Secretary,
b. to the Client at the address to which the Client asks GBG to send invoices or the Client's registered office address (in the case of a corporate body).

16.2. Any notice shall be deemed to have been duly received:
a. if delivered by hand or by courier, when left at the address referred to in this clause 16.1;
b. if sent by first class post, two Business Days after the date of posting.

16.3. This clause does not apply to the service of any proceedings or other documents in any legal action.

17. MISCELLANEOUS

17.1. Save where expressly provided for elsewhere in this Agreement, if either Party wishes to change this Agreement, the Parties agree that each Party will:
a. notify the other detailing the proposed change and the reason for it;
b. discuss the proposed change;
c. notify each other whether the proposed change is feasible and the likely financial, contractual, technical and other effects of the proposed change;
d. decide whether it agrees to this Agreement being amended to incorporate the change and notify the other Party.

17.2. Agreed changes to this Agreement will be recorded in writing and will form part of this Agreement when signed by authorised signatories of both Parties.

17.3. The Client may not assign or transfer (in whole or part) any of its rights or obligations under this Agreement, without GBG’s prior written agreement (which must not be unreasonably withheld or delayed).

17.4. GBG will inform the Client if it assigns or transfers (in whole or part) any of its rights or obligations under this Agreement.

17.5. Save where expressly stated in the Additional Terms, a person who is not party to this Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 or otherwise to enforce any term of this Agreement.

17.6. This Agreement constitutes the entire agreement between the Parties and replaces and supersedes all previous written or oral agreements relating to its subject matter.

17.7. The Parties agree that:
a. neither Party has been induced to enter into this Agreement by any representation, warranty or other assurance not expressly incorporated into it; and
b. in connection with this Agreement its only rights and remedies in relation to any representation, warranty or other assurance are for breach of contract and that all other rights and remedies are excluded, except in the case of fraud.

17.8. If any provision of this Agreement (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed not to form part of this Agreement, and the validity and enforceability of the other provisions of this Agreement shall not be affected.

17.9. This Agreement may be executed in any number of counterparts, each of which when executed and delivered shall constitute an original of this Agreement, but all counterparts shall together constitute the same Agreement. No counterpart shall be effective until each Party has executed at least one counterpart.

17.10. No failure or delay by a Party to exercise any right or remedy under this Agreement or by law shall constitute a waiver of that or any other right or remedy nor shall it preclude or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other remedy.

17.11. Unless otherwise stated herein, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any other rights or remedies provided by law.

18. GOVERNING LAW AND JURISDICTION

18.1. By entering into this Agreement, the Parties warrant that they each have the right, authority and capacity to enter into and be bound by the terms and conditions of this Agreement and that they agree to be bound by these.

18.2. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed and construed in accordance with the laws of England and subject to clause 13 both Parties submit to the exclusive jurisdiction of the English Courts, save that GBG may elect to bring proceedings against the Client in the courts of any jurisdiction where the Client or any of the Client's property or assets may be found or located.

 

 

Web Services Agreement
ADDITIONAL TERMS

This section only applies if the Order Form shows that the applicable service has been selected. If so, these conditions will apply, in addition to the General Terms and any applicable Schedule. Any definition not provided in these Additional Terms shall have the same meaning as set out elsewhere in the Agreement.

Item check references are included below for clarity and refer to the item check numbers listed in the Order Form. For the avoidance of doubt, GBG may update the item check references from time to time. In such case GBG will endeavour to provide the Client with written confirmation of the change.

APPENDIX 1 – UK CREDIT DATA SERVICES

The data that GBG uses to provide item checks (0154) and (0155) includes information about UK Data Subjects and incorporates credit data. These UK Credit Data Services are supplied by GBG’s UK credit data partner. GBG is obliged under the terms of its agreement with its UK credit data partner to ensure that all Clients agree to comply with the following provisions:

PERMITTED PURPOSE

1.1. The Client may only use the UK Credit Data Services for the Permitted Purposes listed below in accordance with the terms contained within this Appendix 1 and the Agreement:
a. Assessing the risk of granting credit to consumers;
b. Detecting fraud in relation to the granting of credit to consumers;
c. Assisting in the prevention of money laundering;
d. Collecting debts and tracing customers who owe debts under consumer credit agreements;
e. ID and age verification in respect of consumers;
f. Bank account validation; or
g. Services which can reasonably be described as derivatives of the above permitted purpose descriptions such as, but not limited, developments of legislation relating to data protection and identity verification.

INFORMED CONSENT

2.1. In obtaining the informed consent of the relevant Data Subject as detailed in clause 9 of this Agreement, the Client must inform the Data Subject in writing that any information the Data Subject gives to the Client, including that Data Subject’s Personal Data:
a. may be disclosed to a credit reference or fraud prevention agency, which may keep a record of that information; and
b. that such credit reference or fraud prevention agency may disclose the fact that a search of its records was made to its other customers for the purposes of assessing the risk of giving credit, to prevent fraud and to trace debtors.

2.2. The Client shall, on request, give GBG a copy of the notification it has used in accordance with clause 2.1 above (if available), or confirmation of such notification. GBG may in turn provide a copy of the notification or confirmation to its UK credit data partner.

2.3. To the extent that the Client is legally able to do so, the Client grants to GBG’s UK credit data partner a perpetual, royalty free right to keep a record of any notification or confirmation provided to it in accordance with clause 2.2.

APPENDIX 2 – BANK VALIDATION CHECK

The data that GBG uses to provide the Bank Validation item check (0231) is supplied by GBG’s bank validation data partner. Under the terms of its agreement with this partner the supply of the Bank Validation Check may be terminated at any time, immediately upon notice.

APPENDIX 3 – US DATA SERVICES

The data that GBG uses to provide item check (0246) is supplied by GBG’s US data partner. GBG is obliged under the terms of its agreement with its US data partner to ensure that all Clients agree to comply with the following provisions: This Appendix 3 contains restrictions on the type of organisation which can access the US Data Services, please read these provisions carefully to ensure that you are able to comply with all relevant terms.

1. PERMITTED PURPOSE

1.1. The Client may only use the US Data Services for the purposes of consumer identity, address and age verification in connection with fraud prevention and transactional completion within the Client’s own business.

1.2. The Client must not in any circumstances use the US Data Services or the information provided by the US Data Services for any purpose that would violate any state or local statute, rule or regulations or in connection with transactions involving:
a. Live animals or any other living organisms of any kind;
b. Illegal activities or violations of law, rules or regulations; or
c. The exploitation of children, individuals or animals.

1.3. The Client acknowledges that it is not a Consumer Reporting Agency and the information provided by the US Data Services may not be used for any purpose that would violate privacy obligation policies and/or any other terms and provisions of the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.), the Federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), the Federal Drivers Privacy Protection Act, (18 U.S.C. § 2721 et seq.), or any similar state or local statute, rule or regulation.

1.4. In the event that the Client operates within the tobacco or healthcare industries within the United States of America or provides marketing services to the tobacco industry in the United States of America the Client must inform GBG who must seek consent from its US data partner, before the Client uses the US Data Services.

2. USE OF THE SERVICE

2.1. The Client shall limit its use of the US Data Services to the purposes specified at clause 1 and shall take appropriate measures so as to protect against the misuse of any information provided by the US Data Services.

2.2. The Client must comply at all times with all US Federal and State laws regarding the use of US Data Services, including but not limited to the Federal Wire Act and shall abide by all applicable legislation and rules and regulations as may be enacted or adopted after the date hereof.

2.3. The Client must not re-produce, re-transmit, re-publish, or otherwise transfer for any commercial purposes the US Data Services, data programs or computer applications or the results of the US Data Services.

2.4. The Client acknowledges and accepts that it retains no rights, title, or interest in and/or to the data, information, programs and computer applications provided as part of the US Data Services under applicable contractual, copyright, patent and related laws and that any use of the US Data Services outside of this Agreement is unauthorized and will be cause to suspend or terminate the US Data Services.

2.5. The Client acknowledges and accepts that if it is determined or reasonably suspected that it has re-sold the US Data Services or results of the US Data Services or is re-selling or brokering the US Data Services or violating any laws or regulations including those described herein, the delivery of the US Data Services may be terminated or suspended immediately.

APPENDIX 4 – GERMAN DATA SERVICES

The data that GBG uses to provide item check (0228) is supplied by GBG’s German data partner. Under the terms of its agreement with this partner the supply of the German Data Services can be terminated upon GBG providing the Client with 2 months’ notice.

APPENDIX 5 – CANADIAN DATA SERVICES

The data that GBG uses to provide item check (0237) includes consumer credit information about Canadian Data Subjects. These Canadian Data Services are supplied by GBG’s Canadian data partner. GBG is obliged under the terms of its agreement with its Canadian data partner to ensure that all Clients agree to comply with the following provisions: This Appendix 5 contains restrictions on the type of organisation which can access the Canadian Data Services, please read these provisions carefully to ensure that you are able to comply with all relevant terms.

1. REQUIREMENT FOR ACCESS TO THE CANADIAN DATA SERVICES

1.1. Before accessing the Canadian Data Services, the Client must confirm and verify that its organisation:
a. is a legitimate existing business;
b. has at least one the permissible purposes for obtaining and using the Canadian Data Services listed in clause 2.1; and
c. has the appropriate consent required under Privacy Law in order to access the Canadian Data Services as more particularly detailed in clause 2.2.

2. CLIENT RESPONSIBILITIES

2.1. The Client warrants, represents and undertakes that it will not use the Canadian Data Services for any purpose other than:
a. in connection with the extension of credit to a consumer to whom the information pertains;
b. in connection with the purchase or collection of a debt of a consumer to whom the information pertains;
c. for the purpose of the entering into or renewal of a tenancy agreement;
d. for employment purposes;
e. in connection with the underwriting of insurance involving the consumer;
f. to determine the consumer’s eligibility for any matter under a statute or a regulation where the information is relevant to a requirement prescribed by law; or
g. where there is a direct business need for the information in connection with a business or credit transaction involving the consumer.

2.2. The Client warrants that it has obtained the appropriate active and informed consent from each identifiable consumer for the collection, disclosure and use of information about that consumer (“Personal Information”) in accordance with applicable Canadian privacy law (“Privacy Law”) prior to requesting the Canadian Data Services from GBG.

3. USE OF THE SERVICE

3.1. The Client warrants that in accessing and obtaining the Canadian Data Services, it will at all times comply with Canadian consumer reporting legislation and Privacy Law;

3.2. The Client must not at any time resell or otherwise release the Canadian Data Services to another third-party business, entity or person.

3.3. The Client must not use the Canadian Data Services for any of the following purposes:
a. Adult entertainment service of any kind;
b. Bail bondsman (unless licensed by the province in which they are operating);
c. For-profit credit counselling agency;
d. Credit repair agency;
e. Dating service;
f. Financial counselling (except a registered securities broker dealer);
g. Genealogical or heir research firm;
h. Massage service;
i. Pawn shop;
j. Investigative service company;
k. Company that handles third party repossession;
l. Subscriptions (magazines, books, music, etc.);
m. Time share;
n. Asset location service;
o. News agency or journalist;
p. Other Distributor; or
q. Any other organization whose activities are illegal, illicit, or immoral or offensive to a reasonable person, or likely to have a negative impact on GBG’s Canadian data partner’s reputation in the eyes of a reasonable person.

4. TERMINATION

4.1. Notwithstanding the other termination provisions in this Agreement, under the terms of GBG’s agreement with its Canadian data partner the supply of the Canadian Data Services may be terminated at any time by GBG providing the Client with 120 days’ notice.

APPENDIX 6 – AUSTRALIAN DATA SERVICES

PART A The data that GBG uses to provide item checks (0270) and (0271) is supplied by one of its Australian data partners. GBG is obliged under the terms of its agreement with its Australian data partner to ensure the Client accepts and agrees that it may only use the Australian Data Services provided as part of item checks (0270) and (0271) for the purposes of verifying the identity of specific individuals with whom the Client has an existing or prospective business relationship. Such use must be confined to facilitating the carrying out of an application identification procedure on a person under the Australian Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).

PART B The data that GBG uses to provide item checks (0298-302), (0299), (0301) (0302), (0303), (0304) and (0305) is supplied by one of its Australian data partners (the ‘Data Provider’). GBG is obliged under the terms of its agreement with the Data Provider to ensure that all Clients agree to and comply with the following provisions:

1. DEFINITIONS

1.1. In these terms and conditions, unless the context clearly indicates otherwise:

“AML/CTF Act” means the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);

“Applicable Laws” means all applicable law, enactments, regulations, regulatory policies, binding guidelines, binding industry codes, regulatory permits and licenses which are in force from time to time including, without limitation, AML/CTF Act, applicable data protection and Privacy Laws and the GST Act;

“Applicant” means a person who applies for a Customer Product;

“Application” means an application for a Customer Product;

“Approved Purpose” means the purposes of verifying an Applicant’s identity solely for the Customer’s internal business purposes and for the purposes of complying with all Applicable Laws;

“Third Party Database” includes and is not limited to the following databases:
a. Visa Entitlement Verification Online;
b. DFAT’s My Passport;
c. Medicare; d. Births, Deaths and Marriages for each of New South Wales, Victoria, Queensland, Western Australia, South Australia, Tasmania, Northern Territory and the Australian Capital Territory;
e. Government Drivers License authorities or agencies in each of New South Wales, Victoria, Queensland, South Australia, and the Australian Capital Territory; and
f. Sanctions List;

2. CUSTOMER ACKNOWLEDGEMENTS

2.1. Terms: The Customer acknowledges that these terms and conditions govern use of the Service and further terms and conditions apply to use of the data that is transmitted as part of the Service. Accordingly:
a. where it is an existing subscriber to one or more of the Proprietary Databases, the terms and conditions of use applicable to those Proprietary Databases will continue to apply to the Customer’s use within the provision of this Service;
b. where, pursuant to the Business Rules, the Customer requests Data Provider to use other Data Provider Databases in providing the Service, the terms and conditions of use of those Data Provider Databases will apply, in addition to these terms;
c. where, pursuant to the Business Rules, the Customer requests Data Provider to use Third Party Databases in providing the Services, the terms and conditions of use of those Third Party Databases will apply to the Customer (where applicable), in addition to these terms.

2.2. Terms subject to change: Where a third party data supplier imposes any restrictions on conditions of use on the Customer pursuant to that third party data supplier’s agreement with Data Provider, Data Provider reserves the right to impose these conditions on the Customer, and the Customer agrees to comply with them.

2.3. Applicant’s consent: The Customer must obtain the consent of each Applicant for the provision of the Services.

2.4. Third Party Database: The Customer acknowledges that the terms and conditions of Third Party Databases may require an Applicant to conduct identity verification in an Applicant’s own name. In addition to clause 2.3 therefore, the Customer must obtain the authority of the Applicant for Data Provider to act as the Applicant’s agent in accessing Third Party Databases for identity verification.

3. CUSTOMER OBLIGATIONS

3.1. Service Requests: The Customer will dispatch Service Requests to the Service as Applications are made and not, unless instructed by Data Provider, in batches or in a way that is otherwise likely to disrupt Data Provider’s provision of the Service. Specifically the Customer must not at any time process more than 500 transactions per hour.

3.2. General: Without limiting the Customer’s obligations under these terms and conditions, the Customer must:
a. not use the Service, Service Materials or any other data generated by use of the Service, for any purpose other than the Approved Purpose;
b. not resell the Service, Service Materials or any other data generated by use of the Service (whether or not other information or services are added to it and whether or not it is incorporated into another service or other data);
c. not change, delete or alter the data contained in the metadata fields of the data provided by Data Provider as part of the Service (though this shall not prevent the Customer from adding to such data); and
d. comply with other reasonable product compliance requirements which Data Provider may notify to the Customer from time to time.

3.3. Customer data: The Customer is solely responsible for maintaining regular backups of all Customer data associated with the Services. To the extent that Data Provider is in possession of Customer data, Data Provider will be responsible for the maintenance, confidentiality, privacy and security of any such data. The Customer acknowledges that Data Provider may disclose to its third party suppliers for identity verification purposes only. The Customer is responsible for ensuring that it has appropriate consents in place to support such disclosure.

3.4. AML/CTF Act: The parties acknowledge that the AML/CTF Act, among other regulations, places certain obligations on the Customer in relation to identifying and verifying the identity of its customers, reporting and record keeping. The Customer acknowledges that while the Service provided by Data Provider under these terms and conditions assists the Customer to comply with the AML/CTF Act, the obligation to comply with this legislation remains with the Customer.

4. INTELLECTUAL PROPERTY RIGHTS

4.1. Ownership and use of Intellectual Property Rights: The parties agree that other than as provided in this clause 4 (Intellectual Property Rights), nothing in these terms and conditions transfers ownership in, or otherwise grants any rights in any Intellectual Property Rights of a party.

4.2. Service Materials: If Data Provider provides any Service Material to the Customer, then Data Provider grants to the Customer a non-transferable, non-exclusive, royalty-free licence for the Term to use Data Provider Material solely for the purpose of the Customer being able to use the Service.

4.3. Customer Materials: The Customer grants to Data Provider a perpetual, non-transferable, non-exclusive, royalty free licence to use and exercise all of the Intellectual Property Rights in the Customer Materials for the purpose of enabling Data Provider to deliver the Service for the benefit of the Customer only.

4.4. Intellectual Property markings not effective: If any Intellectual Property Rights are expressly transferred or licensed by a party under these terms and conditions, then such transfer or licence applies in accordance with its terms, notwithstanding any inconsistent marks of a party (eg ©) that may be attached to that intellectual property.

5. PRIVACY

5.1. Privacy: If, as a result of these terms and conditions, the Customer is able to access any information about identifiable individuals held by or on behalf of Data Provider (and the Data Provider Group Companies), then the Customer:
a. must comply all applicable Privacy Laws and such other data protection laws as may be in force from time to time which regulate the collection, storage, use and disclosure of information, as if it were regulated by these laws;
b. must comply with any privacy code or policy which has been adopted by Data Provider as if it were bound by that code or policy;
c. must comply with any direction of Data Provider that is consistent with the laws, codes and policies referred to in paragraphs (a) and (b) above;
d. not to do any act or engage in any practice that would breach the Privacy Laws or cause Data Provider to breach the Privacy Laws;
e. take all steps which are reasonable in the circumstances to protect any Personal Information held by it in connection with these terms and conditions from misuse, interference or loss, and from unauthorised access, modification or disclosure;
f. not transfer any Personal Information provided by Data Provider in connection with these terms and conditions to a country or territory outside of Australia, without Data Provider’s prior written consent;
g. immediately notify Data Provider if it becomes aware of a breach of the Privacy Law in connection with these terms and conditions and notwithstanding any other provision of these terms and conditions, will take steps to remedy the breach immediately;
h. comply with any reasonable direction of Data Provider to observe any recommendation of any government body relating to acts or practices of the Customer that the government body considers to be in breach of the obligations of this clause; and
i. indemnify Data Provider and any Related Body Corporate from time to time of Data Provider and their respective Employees for any loss or damage caused or contributed to by the Customer’s failure to comply with the Privacy Laws or is breach of the obligations set out in clause 5.3 above.

6. EXCLUSION OF DATA PROVIDER’S LIABILITY

6.1. Disclaimer: Data Provider makes no warranties or representations about information sourced from third parties that is provided under the Service, or its reliability, accuracy, completeness, or currency and excludes all liability for any loss or damage in relation to the accuracy, completeness, currency or quality of information sourced from third parties that is provided under the Service.

6.2. No warranty: The Customer acknowledges and agrees that the Service (including for the avoidance of doubt its content) are provided “as is”, “as available” and with all faults and is provided without any covenants, promises or guarantees as to accuracy, functionality, performance, merchantability, system integration, data accuracy or fitness for any purpose. Any conditions, terms or warranties as to the same implied or imposed by statue or common law are hereby excluded to the fullest extent permitted by law.

6.3. Limitation of Liability: To the extent permitted by law, Data Provider limits its liability in respect of any failure to comply with a statutory guarantee which cannot be excluded to the resupply of services or the cost of resupplying the services.

6.4. Exclusion of liability: Neither Data Provider nor the Data Provider Group Companies shall have any liability whatsoever to the Customer (including in negligence and breach of statutory duty) and the Customer shall have no remedies against them with respect to the Service, or any use of or reliance on the same made by the Customer or any person through the Customer, including without limitation any loss of data or the inability to retrieve data, resulting from or incidental to the use of the Service or any direct, indirect, incidental, consequential, special, exemplary or punitive damages, any loss of profit, investment, trading, reliance or wasted expenditure, any liability to third parties, or any other form of loss or liability, regardless of cause, and whether in tort, contract, strict liability, statutory duty or liability or under any other form of action, and even if Data Provider was advised of the possibility of such damages.

7. APPLICABLE LAW

7.1. These terms and conditions shall be exclusively governed by the laws of New South Wales and the Customer agrees to submit to the exclusive jurisdiction of the Courts of New South Wales in relation to any matter relating to these terms and conditions and the Service.

8. OTHER

8.1. Connectivity: Although reasonable commercial precautions have been taken, the Data Supplier does not guarantee that access to the Service will be uninterrupted, or that there will be no failures, errors or omissions or loss of transmitted information, or that no viruses will be transmitted.

8.2. Damage to Systems: the Data Supplier does not accept responsibility for any interference or damage to the Client’s computer systems or data which arises in connection with the provision of the Service.

8.3. Price Increases: the Data Supplier may increase its fees for the Service on not less than 30 days’ notice once per year. Notwithstanding the above, the fees for access to the Service may be automatically increased by an amount equal to the increase in any tax, fee, levy, government charge, goods and services tax or analogous tax or any other tax or regulatory or legislative cost or statutory fee, or third party input costs upon or in relation to the Services.

9. DOCUMENT VERIFICATION SERVICE (DVS)

9.1. Where the Client has selected to use one or more of the following item checks (0303) (0304) and/or (0305) the following terms will also apply in addition to the other provisions in this Appendix 6.

9.2.“Document Verification Service (DVS)” means the data transmission service provided by the Commonwealth of Australia represented by the Attorney-General’s Department ABN 92 661 124 436 to Business Users (as that term is defined in and) subject to the Document Verification Service Business User Terms and Conditions of Use available at http://www.dvs.gov.au/dvs-access/Pages/default.aspx;

9.3. Where, pursuant to the Business Rules, the Customer requests Data Provider use the DVS, the Customer must:
a. nominate Data Provider as its Gateway Service Provider in accordance with; and
b. be approved as a Business User in accordance with; and
c. otherwise comply with the Document Verification Service Business User Terms and Conditions.

10. TERMINATION

10.1. Notwithstanding the other termination provisions in this Agreement, under the terms of GBG’s agreement with the Data Provider the supply of the Australian Data Services set out within this Part B of Exhibit 6 can be terminated at any time by GBG providing the Client with 24 months’ notice.

APPENDIX 7 – SOUTH AFRICAN DATA SERVICES

The data that GBG uses to provide item check (0249) is supplied by GBG’s South African data partner TransUnion. GBG is obliged under the terms of its agreement with TransUnion to ensure that all Clients agree to comply with the following provisions:

1. DEFINITIONS

1.1. In these terms and conditions, unless the context clearly indicates otherwise:

“Consumer Credit Information” shall bear the meaning set out in Section 70 (1) of the NCA;

“Customer” means the entity procuring the Services from GBG;

"Data” means any data including personal information (as defined in the ECTA and any other applicable legislation) in whatever form provided, supplied, stored, collected, collated, accessed or processed by TransUnion;

"ECTA” means the Electronic Communications and Transaction Act, 2002;

"Input Data” means the Customer’s proprietary data submitted to TransUnion when processing an enquiry via the Decision System;

"NCA” means the National Credit Act, 34 of 2005 together with the Regulations as well as the National Credit Act 19 of 2014 and the accompanying amended Regulations;

"Prescribed Information” shall bear the meaning set out in Regulation 18 (6);

"Prescribed Purpose” shall bear the meaning set out in Regulation 18 (4) and Regulation 18 (6);

"Recommendation” means a system generated recommendation, derived from a pre-determined set of rules used to analyse the Input Data and produce an objective opinion, which could include inter alia the following alternatives namely “accept”, “refer”, “serious refer” or “decline”;

"Regulations” means the National Credit Regulations, published in Government Gazette No. 8477. Notice 28864 and such other Regulations promulgated in terms of the NCA from time to time;

“Report” means a credit report and / or consumer enquiry generated response to a Request;

“Request” means a request for a Report;

“Services” means the services that the Customer subscribes to from GBG from time to time, part of which includes the provision of Reports to the Customer; and

“Terms” means the terms and conditions set out herein.

2. UNDERTAKINGS

2.1. General Compliance with Laws and Associated bodies: When being provided with the Services the Customer shall:
a. at all times comply with the requirements for the receipt, compilation and reporting of information (including, but not limited to, Prescribed Information and Consumer Credit Information) as prescribed by the NCA and other applicable Laws;
b. ensure that it is the only entity that uses the Services and that no other entity/ies within its Group use the Services;
c. at all times comply with all Data use and Data protection requirements as may be applicable to the Services as dictated by TransUnion’s data protection policies in force from time to time and/or any applicable Laws; and
d. as required by the NCA and other applicable Laws, protect the confidentiality of any Confidential Information pertaining to a Consumer or prospective Consumer and in particular shall only release such Confidential Information to TransUnion in accordance with the NCA.

2.2. Use of Consumer Credit Information/Reports: Any Consumer Credit Information and/or Report and/or Recommendation containing Consumer Credit Information shall be used by the Customer solely and exclusively for a Prescribed Purpose. The Customer shall not, whether directly or indirectly, sell or use for any other commercial purpose the Report(s) and/or any of the contents thereof.

2.3. Consents: The Customer shall ensure that prior to submitting to and/or requesting any Consumer Credit Information or Reports from TransUnion it shall have obtained all Consumer consents (whether from natural or juristic persons – as applicable) that may be required in terms of the NCA or any other applicable Laws to submit, request and/or receive such Consumer Credit Information or Reports, as the case may be.

2.4. Security: All persons accessing the Services on the Customer’s behalf have been duly authorized by the Customer to do so. In addition, the Customer shall ensure that only it or its authorised representatives have access to any PIN and/or password PIN issued for the purposes of requesting a Report. The Customer shall be liable for transactions, fees and other costs arising out of the use by any person of TransUnion’s services via the PIN and/or Password whether or not such use is or has been authorised by the Customer.

2.5. Notification: The Customer shall immediately notify GBG and TransUnion in writing of any breach or attempted breach of security of which the Customer become aware or ought to have become aware of and the Customer shall take reasonable steps to prevent a recurrence thereof and to mitigate the effects of such breach. GBG shall, through TransUnion, be entitled to fully investigate such breach or attempted breach and the Customer shall give GBG its full co-operation with such investigation. Furthermore, the Customer shall be liable for transactions, fees and other costs arising out of the use by any person of the Services including use of the Services arising from a security breach.

2.6. Submission of Data to TransUnion: The Customer shall ensure that any Consumer Credit Information requested from or submitted to TransUnion, whether directly or through GBG:

a. shall contain, in relation to a Consumer who is a natural person, the minimum criteria as set out in Regulation 19(1); and
b. shall contain, in relation to a Consumer who is a juristic person, the juristic person’s registered and trading name; registration number, registered address, physical and postal address.

2.7. Adverse Credit Information: Generally in relation to the provision of data, and in relation to listings of adverse credit information/defaults, the Customer undertakes that:

a. it is lawfully entitled to submit the Consumer Credit Information, Prescribed Information and Confidential Information to GBG or TransUnion and shall ensure that all information reported by it shall be accurate, up-to-date, relevant, complete, valid and not duplicated;
b. it shall only list adverse credit information in respect of Consumers if (i) it is a member of the CPA (in which case listing of adverse credit information must be done via its monthly payment profile submissions to the credit bureaus); (ii) it is a data supplier to the National Loan Register (“NLR”) (it shall not however be entitled to list defaults in the public domain. This is because public domain defaults are not created for data that is submitted to the NLR); or (iii) it is neither a CPA nor a NLR member, provided that it shall only be able to provide TransUnion with the nature of information, and the related purposes, in accordance with clause below; and
c. it shall submit only information which falls in the permitted categories set out in Regulation 18(6) of the NCA;
d. the Client may not list information of the following nature, whether or not Consumer consent has been obtained, and of any nature that may be notified by TransUnion from time to time:

2.8. The Customer will give its customers twenty (20) Business Days’ written notice, as required by Regulation 19(4), of its intention to submit adverse information regarding the customer before such information is submitted to TransUnion.

2.9. The Customer will fully and timeously co-operate with TransUnion’s requests for credible evidence related to a listing when that listing has been challenged by a Consumer as part of any Information Challenge.

2.10. Removal Of Information From Transunion’s Database A default listing shall only be removed from TransUnion’s database if it is factually incorrect, related to fraud or a duplicate listing.

2.11. The Customer does not and will not, unless lawfully entitled to do so, take an upfront fee in order to remove or clear a person’s name from the blacklist of a credit bureau.

2.12. TransUnion may, at any time, and at its sole discretion remove any information from its database with immediate effect, except information which TransUnion is obliged to retain in terms of the NCA and any other applicable Laws; and/or verify the accuracy of any statement or information obtained from the Customer.

2.13. Consumer Credit Information Requested In Respect Of Juristic Persons And Their Principles: The Customer acknowledges that in the event that it requests Consumer Credit Information in relation to any juristic person/s, the relevant commercial report to be provided to it may contain Consumer Credit Information relating to that entity’s directors, senior leadership and/or key stakeholders in the business (“Principals”).

2.14. In light of the above, the Customer undertakes:
(a) it shall be fully authorised, as required by all applicable Laws, to obtain the Consumer Credit Information in respect of the Principals; and
(b) in the event that it requests Consumer Credit Information relating to both its Consumers and their Principles, it shall have fully complied with the requirements as set out in Section 18(5) of the Regulations; and it shall have obtained all required consents for obtaining and having sight of information regarding the Principals.

2.15. Information which the Customer submits to TransUnion, whether directly or through GBG, may be utilized by TransUnion as part of its database in the ordinary course of its business as a registered credit bureau.

2.16. Requests For Reports For A Consumer: The Customer shall be entitled to request Reports for purposes of counselling certain Consumers strictly in circumstances where the Customer is a registered debt counsellor and is accessing and using the reports solely in its capacity as a debt counsellor.

2.17. Prior to submitting and requesting a Consumer’s report for purposes of debt counselling the Customer:
(a) shall ensure that the Consumer has provided it with written, informed and specific consent to TransUnion releasing his/her relevant Consumer Credit Information to the Customer;
(b) shall obtain a clear copy of the Consumer’s identity document and proof of address not older than three (3) months old, and shall ensure that such documents are retained for a period of 3 years. When requested by TransUnion the Customer shall furnish TransUnion with proof to its satisfaction that the Customer has complied with this obligation; and
(c) shall ensure and warrant that the Consumer Credit Information is used strictly for purposes of debt counselling sessions with the Consumer, and provided to the Consumer and/or destroyed thereafter. The Customer shall not be entitled to store and use the Report/s for any other purpose.

2.18. Request For Information: On the request therefore by TransUnion or GBG (as applicable), the Customer shall furnish TransUnion or GBG, its representatives or an independent third party, as the case may be, with such information, data, records and Reports (collectively “the Items”) as is necessary for TransUnion or GBG (as applicable) to ensure the Customer’s compliance with these Terms.

2.19. Following receipt of the Items, where the Items furnished as aforesaid are not sufficient to enable TransUnion to confirm the Customer’s compliance with these Terms, the Customer shall furnish TransUnion, its representatives or an independent third party, as the case may be, with any additional and specific Information requested by TransUnion. Thereafter, should such additional information not be sufficient to enable confirmation as aforesaid, TransUnion, an independent third party or independent auditor as the case may be, shall be entitled on reasonable notice to the Customer, and during business hours, to audit the Customer solely for the purpose of ensuring its compliance with these Terms.

2.20. Should the Customer fail or refuse to submit to the compliance audit set out in clause 2.18 above, TransUnion shall be entitled to immediately terminate the Customer’s access to the Services.

3. GENERAL

3.1. The Customer shall not cede any of its rights or delegate any of its obligations in relation to the procurement of the Services to any third party.

3.2. In the event of a conflict between the provisions of these Terms and the NCA, as read with the Regulations, or any other applicable Laws, the provisions of the NCA as read with the Regulations or the Laws (as the case may be) will prevail.

APPENDIX 8 – CHINESE DATA SERVICES

The data that GBG uses to provide item checks (0257) and (0258) is supplied by GBG’s Chinese data partner(s). The Chinese Data Services are provided as a batch service. GBG is obliged under the terms of its agreement with its Chinese data partner(s) to ensure that all Clients agree to comply with the following provisions:

1. BATCH SERVICE

1.1. Where the Client selects “ID3 Check China” on the Order Form the Client will be required to submit a file to GBG containing specific information (“Input Data”) which GBG will pass on to its preferred Chinese data partner(s) for them to process against their records.

1.2. The Client is solely responsible for the accuracy and quality of the Input Data file. GBG will not check the content of the Input File before it is sent to GBG’s Chinese data partner(s).

1.3. The results of the item check will be returned to the Client as a complete file (“Output Data”). The Client accepts that GBG has no control over the accuracy or completeness of the Output Data returned to the Client.

1.4. As the Chinese Data Services are not provided directly through GBG’s ID3global platform, the special conditions relating to the provision of Professional Services at Schedule 2 shall also apply to this particular item check.

1.5. It takes up to five Business Days for GBG’s Chinese data partner to process the Input Data and return the Output Data to GBG. Although GBG will endeavour to exceed this timeframe, the Client acknowledges that the processing time is a target time over which GBG has no control.

2. DATA PROTECTION OBLIGATIONS

2.1. The Client warrants that it has obtained the appropriate active and informed consent from each individual whose details are provided in the Input Data file.

2.2. The Client confirm that in accessing and obtaining the Chinese Data Services it will at all times observe and comply with the data protection rules of China.

2.3. The Clients confirm that it will only use the Chinese Data Services and Output Data for lawful purposes and that in no event will the Chinese Data Services or Output Data be used in connection with transactions involving any illegal activities or violations of law, rules or regulations.

3. QUALITY AND ACCURACY OF DATA

3.1. The Client acknowledges, understands and accepts that:
a. It is responsible for the quality, accuracy and completeness of the Input Data supplied and that no validation of the Input Data is undertaken by GBG before it is sent to GBG’s Chinese data partner(s) for processing.
b. That it will be charged in full for the processing performed on the Input Data notwithstanding any errors and/or inaccuracies contained in the Input Data.
c. The Output Data is supplied on an “as is” basis and that no validation of the Output Data is undertaken by GBG or its Chinese data partner(s) before returning this to the Client.

4. TERMINATION

4.1. Notwithstanding the termination provisions in the Agreement, under the terms of GBG’s agreement with its Chinese data partner, the supply of the Chinese Data Services can be terminated by GBG providing the Client with 120 days’ notice.

APPENDIX 9 – NEW ZEALAND DATA SERVICES

The data that GBG uses to provide item check (0264-6/0297) is supplied by DataZoo GBG’s New Zealand data partner. GBG is obliged under the terms of its agreement with DataZoo to ensure that all Clients agree to comply with the following provisions:

1. GENERAL

1.1. Data Zoo licences its telephone directory from Yellow Pages Group New Zealand.

1.2. Before any query is made using the New Zealand Data Services the Client must obtain the consent of the Data Subject (ie. the individual in respect of whom the enquiry is being made to search their drivers licence information). Furthermore, the Client agrees to make available the consent that it receives from the Data Subject, should it be requested by any relevant New Zealand authority or by DataZoo.

APPENDIX 10 – PEPS, SANCTIONS & ENHANCED DUE DILIGENCE SERVICES

The data that GBG uses to provide item checks (0208), (0209), (0123), (9001), (9002), (9003), (9004), (9005), (9006), (9007) and (9008) is supplied by GBG’s PEPs, Sanctions and Enhanced Due Diligence data partner. GBG is obliged under the terms of its agreement with its PEPs, Sanctions and Enhanced Due Diligence data partner to ensure that all Clients agree to comply with the following provisions:

1. DEFINITIONS

1.1. In these terms and conditions, unless the context clearly indicates otherwise:

“Annual Licence” means the licence which grants the Client the right to carry out a specified number of Searches during a 12 month period.

“Data” means information stored on an individual Data Subject (including: full name, address, date of birth).

“Database” means any database which is managed by the Licensor and updated on a daily basis, against which a Data Entity may be matched.

“Data Entity” means a logical subset of Data. The Data sent to the Licensor will comprise of a number of Data Entities.

“Data Template” means the template form made up of Unique Records which must be completed by the End User and provided to the Licensor in order to access the EDD Services and/or to set up an Ongoing Monitoring profile.

“Detailed Investigation” means the interactive web page which displays information from the Database and allows the Client to search and cross-reference matched records.

“End User” / “Client” means the individual, body corporate or public authority named on the Order Form who is permitted to use the Service under this Agreement.

“Enhanced Due Diligence Services” / “EDD Services” - means the provision of an enhanced due diligence services including the delivery of an EDD Report as may be amended by the Licensor from time to time.

“EDD Report” means the report document that contains information related to a Data Subject’s identity, address, occupation, business and occupational background, associated individuals and entities as well as a summary of potential risk factors as at the time of reporting. The content and level of detail in each EDD Report will depend on the type of report purchased as detailed in the Order Form and the date on which the EDD Report is created.

“EDD Request” means the submission of a Data Template requesting an EDD Report.

“Identity Verification” means validating that the claimed identity of an individual or company actually exists and verifying that the person or company who lays claim to said identity is actually who they claim to be.

“Licensor” means GBG’s PEPs, Sanctions and Enhanced Due Diligence data partner.

“Ongoing Monitoring” means the automated process which enables the End User to monitor individual Data Subjects and to receive PEP Screening and Sanctions Check updates on an ongoing basis.

“PEP Screening” means screening for political risk of any nature.

“Sanctions Check" means screening for any sanctions against any party imposed by any governmental of official body.

“Search” means the PEP Screening and/or Sanctions Check matching End User Data/Data Entities against the Database and the returning of results.

“Service” means the use of the Licenced Products for the purposes of carrying out Searches via an Annual Licence or receiving updates via the Ongoing Monitoring method and/or the provision of Enhanced Due Diligence Services.

“Unique Record” means each unique Data record identified by its Unique Reference Number specified in Data Template.

“Unique Reference Number” means the End User generated alphanumeric code allocated to each Unique Record in the Data Template.

2. PROVISION OF THE SERVICES

2.1. The Service may be used in accordance with these terms and conditions for the purposes of Identity Verification, Sanctions Checking and/or PEP Screening.

3. ANNUAL LICENCE

3.1. Where the Client has purchased an Annual Licence for PEP Screening and/or Sanctions Checks the terms set out in this clause 3 shall apply.

3.2. As part of the Annual Licence the Client shall be entitled to carry out a specified number of Searches per year, as set out in the Order Form.

3.3. Each Search result will contain a link to the Licensor’s Detailed Investigation record which will be available for the Client to view for a period of thirty (30) days from the date of the relevant Search. After this period the Detailed Investigation record will no longer be available and the Client will need to carry out a further Search to regain access to the Detailed Investigation record.

3.4. Detailed Investigation is only offered in conjunction with a Search and is not offered independently.

3.5. Where a Client exceeds the total number of Searches permitted by its Annual Licence in any 12 month period GBG reserves the right to increase the Charges payable for the following 12 month Annual Licence period.

4. ONGOING MONITORING

4.1. Where the Client has selected to carry out Ongoing Monitoring for PEP Screening and/or Sanctions Checks the terms set out in this clause 4 shall apply.

4.2. In order to access the Ongoing Monitoring part of the Services the Client must complete the Data Template specified by the Licensor. GBG will provide support to the Client during the initial process of setting up the Data Template as part of its Professional Services obligations. However, the Client shall be solely responsible for the completion of the Data Template.

4.3. If the Client wishes to make any changes to the Data Template during the term of this Agreement (including deleting, adding or amending any Unique Records) the Client must communicate those changes to the Licensor directly in accordance with the process specified in the “ID3global Ongoing Monitoring Data Specification” document.

4.4. The Client will be charged a fixed fee for each Unique Record added to the Data Template at the end of the calendar month in which that Unique Record is added and again annually every 12 months thereafter until such time as the Unique Record is deleted from the Data Template.

4.5. The Licensor will determine the charges owed for the Ongoing Monitoring part of the Service by reference to the number of Unique Records within the Client’s Data Template. For the avoidance of doubt, the Client shall be liable to pay the charges owed for each Unique Record contained within its Data Template, including any Data uploaded by the Client and identified as Unique Record in error.

5. ENHANCED DUE DILIGENCE SERVICES

5.1. Where the Client has purchased EDD Services the terms set out in this clause 5 shall apply.

5.2. In order to access the Enhanced Due Diligence Services the Client must complete the Data Template specified by the Licensor. The Client shall be solely responsible for the completion of the Data Template.

5.3. The information provided to the Client as part of the Enhanced Due Diligence Services has been extrapolated by the Licensor from multiple publicly available sources across a variety jurisdictions. This information is presented in the EDD Report in a password protected PDF format.

5.4. All EDD Reports are manually produced by the Licensor. On receipt of an EDD Request, the Licensor shall use its reasonable endeavours to create an EDD Report in accordance with the timescales identified in the table below. However, the Client acknowledges and accepts that any suggested delivery time is estimation only and may be subject to change. Accordingly, time is not of the essence in relation to the delivery of any EDD Report.

EDD Report Type Estimated Timescale
Standard 3 Business Days
Premium 4 Business Days
Executive 7 Business Days
Bespoke 10 Business Days

5.5. All research carried out as part of the EDD Services is ‘desktop-based’ and consequently the Client acknowledges and accepts that information contained in an EDD Report may not be sufficient for its purposes. The Client further acknowledges and accepts that in some instances it may also be appropriate to conduct local investigations.

5.6. As the information and Data used by the Licensor to provide the EDD Services and EDD Report is supplied by third parties, the Licensor does not have direct control over the quality and accuracy of such information. Whilst the Licensor has used its reasonable endeavours to ensure the accuracy of the EDD Report, the Client acknowledges and accepts that the information and Data obtained by the Licensor may contain errors or omissions and that the EDD Report is provided without any warranties regarding the quality or accuracy of any information or Data contained within it.

5.7. Nothing within the EDD Report should be taken as a recommendation on the suitability of the EDD Report for any commercial transaction, and the Client accepts full responsibility for any business decisions made using this EDD Report.

5.8. All individuals and businesses having negative media and/or allegations of any criminal activity must be deemed to be innocent until proven guilty in a court of law. GBG and the Licensor accept no responsibility to the Client or to the individual or business who are the subject of an EDD Report for any decision made as a result of the Client’s use of the EDD Report.

APPENDIX 11 – HONG KONG DATA SERVICES

The data that GBG uses to provide item check (0324) includes consumer credit information about Hong Kong Data Subjects. These Hong Kong Data Services are supplied by GBG’s Hong Kong data partner. GBG is obliged under the terms of its agreement with its Hong Kong data partner to ensure that all Clients agree to comply with the following provisions: This Appendix 11 contains restrictions on the type of organisation which can access the Hong Kong Data Services, please read these provisions carefully to ensure that you are able to comply with all relevant terms.

1. DEFINITIONS

1.1. In these terms and conditions, unless the context clearly indicates otherwise:

“Database” means the database owned and maintained by GBG’s Hong Kong data supplier which contains the consumer credit data and other items of data including consumer address and certain identifier information that it is allowed to collect and retain under the Code of Practice on Consumer Credit Data issued by the Privacy Commissioner.

“Data Subject” means the individual who is the subject of the Input Data and the Personal Data contained in the Database.

“Deliverable” means the output delivered by GBG’s Hong Kong Data Supplier.

“Hong Kong” means the Hong Kong Special Administrative Region of the People’s Republic of China.

“Input Data” means the data provided by the Client for the Service.

“Ordinance” means the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) in force from time to time.

“Personal Data” means the personal data as defined under the Ordinance.

“Privacy Commissioner” means the Privacy Commissioner for Personal Data, Hong Kong.

“Purpose” means the verification of the information collected from individual consumers for anti-money laundering, identification and risk mitigation purposes.

“Service” means the Deliverable as requested by the Client to be provided by GBG via its Hong Kong data supplier.

“Service Agreement” means the service agreement that the Client has entered into with GBG in respect of the provision of the Service.

2. REQUIREMENT FOR ACCESS TO THE HONG KONG DATA SERVICES

2.1. Before accessing the Hong Kong Data Services, the Client must confirm and verify that it:
a. is a legitimate existing business;
b. has the appropriate consent required under the Ordinance in order to access and use the Personal Data of the Data Subjects and the Deliverables; and
c. will use the Deliverables only for the Purpose.

3. CLIENT RESPONSIBILITIES

3.1. The Client shall request the Service for the Purpose and for no other purpose pursuant to procedures prescribed by GBG and its Hong Kong data partner from time to time.

3.2. The Client warrants that it will not request the Service, which involves the use of Personal Data, unless:
a. a clear and conspicuous disclosure is first made in writing to the Data Subject before the Service is requested;
b. the Service and the Service Deliverables are only used by the Client for the Purpose;
c. the Client has obtained the authorization and such other documents from each Data Subject in accordance with the Ordinance and any other applicable privacy laws in Hong Kong; and
d. the Service, the Deliverables and any information contained or derived therefrom are not used in violation of any applicable Hong Kong law or regulations.

3.3. The Client shall keep the Service and all Deliverables, their content, as well as any information derived therefrom or contained therein in strict confidence and may only keep them for a reasonable time that is not longer than necessary for the Purpose.

3.4. The Client shall destroy or delete the Deliverable as soon as it is no longer necessary for the Purpose to keep the Deliverable. For the avoidance of doubt, a copy of the Deliverable may be kept for regulatory and compliance purposes.

3.5. The Client will maintain copies (including electronic copies) of all forms and authorisations obtained from the Data Subject for a minimum of three (3) years from the date of inquiry. Those records must be made available to GBG (and/or its Hong Kong data supplier) within fourteen (14) business days of a request being made.

3.6. The Client must not resell or otherwise release the Hong Kong Data Services to another third-party business, entity or person.

3.7. The Client must not use the Hong Kong Data Services for any of the following purposes:
a. Adult entertainment service of any kind (but not including legal online gaming);
b. Attorney or Law Firm engaged in the practice of law, unless engaged in collection or using the Service or Deliverable in connection with a consumer bankruptcy pursuant to the written authorization of the consumer;
c. Bail Bondsman, unless licensed by the state or region in which they are operating;
d. Credit counselling, except not-for-profit credit counsellors;
e. Credit repair clinic;
f. Dating service;
g. Financial counselling, except a registered securities broker dealer;
h. Genealogical or heir research firm;
i. Massage service;
j. Company that locates missing children;
k. Pawn shop;
l. Private detective, detective agency or investigate company;
m. Company that handles third party repossession;
n. Subscriptions (magazines, book clubs, record clubs, etc.);
o. Tattoo service;
p. Company seeking information in connection with time shares (exception: financers of time shares);
q. Law enforcement agency;
r. Asset location service; or
s. News agency or journalist.

3.8. Prior to using the Hong Kong Data Services the Client must receive consent from the Data Subject in the form specified below:

“For verifying my identity for the purposes of anti-money laundering, identification and risk mitigation, I, [Name], voluntarily provide [You] (“Service Provider”) and/or GBG Group PLC (“GBG”) with my Personal Data (as defined below) and hereby expressly consent to and authorise the following:
“Personal Data” refers to such data only consist of the following (and shall include any updated data of the following items from time to time):
(a) my full name, including surname, given name and other name;
(b) my Hong Kong Identity Card Number;
(c) my date of birth;
(d) my correspondence address; and
(e) my telephone number.

This consent and authorization is given by me to the Service Provider on its own behalf, and on behalf of, and as agent for, GBG and TransUnion Limited (“TransUnion”) for the following uses of my Personal Data:
(i) the transfer to TransUnion by the Service Provider, through GBG, of my Personal Data for verification of my Personal Data;
(ii) TransUnion checking if my Personal Data is on the database of TransUnion;
(iii) TransUnion providing the matching result to GBG and Service Provider, which may or may not be located inside Hong Kong, without having sent me any copy of the result for my review; and
(iv) Retention of the Personal Data for the period necessary.

By submitting this data, I understand the above and I give consent to and authorize the Service Provider, GBG and TransUnion to act in accordance with (i) to (iii) above. Further, I agree and acknowledge that the use of my Personal Data for the above by the Service Provider, GBG and TransUnion shall not be made the basis for any complaint, claim, suit, demand or cause of action or other proceeding against the Service Provider, GBG, or TransUnion Limited by me or any third party.

________________________

[Name of Data Subject]

[Date]"

4. TERMINATION

4.1. Notwithstanding the other termination provisions contained within the Agreement, under the terms of GBG’s agreement with its Hong Kong data supplier, the Hong Kong Data Services May be terminated immediately upon notice to Client, with just cause, such as delinquency or breach of the terms of this Agreement or if required to ensure compliance with any applicable law, or in the event that there is a material change in existing legal requirements which adversely affects this Agreement.

APPENDIX 12 – ROYAL MAIL NCOA® ALERT DATA SERVICES

The NCOA® Alert Data that GBG uses to provide item checks (0158) and (0239) is supplied by Royal Mail Group Limited (“Royal Mail”) who is the supplier and/or owner of the NCOA® Alert Data. GBG is obliged under the terms of its agreement with Royal Mail to ensure that all Clients who use the NCOA® Alert Data Services agree to comply with the following provisions (“Minimum Terms”):

1. DEFINITIONS

1.1. In these terms and conditions, unless the context clearly indicates otherwise:

"Applicant" an applicant for the Client’s products or services;

"Applicant Record" the name and address (and, where available, the date of birth) of an Applicant which have been lawfully and fairly obtained by the Client for the purpose of verifying the Applicant's application for the relevant product or service;

"Decryption Process" the codes, methodology and/or medium to be deployed to decrypt, use or activate the ID3global Service;

“EEA” the European Economic Area comprising, for the time being, the EU member states, Norway, Iceland and Liechtenstein;

“Intellectual Property Rights” all intellectual property rights including copyright and related rights, database rights, trademarks and trade names, patents, topography rights, design rights, trade secrets, know-how, and all rights of a similar nature or having similar effect which subsist anywhere in the world, whether or not any of them are registered and applications for registrations, extensions and renewals of any of them;

"Match" each instance where the full name and address (and, where available, the date of birth) within an Applicant Record is identified as identical to the full name and Old Address (and, where available, the date of birth) included in the NCOA® Alert Data;

"NCOA® Alert Data” the Redirection Data and Non-Redirection Data licensed to GBG by Royal Mail which is comprised in the ID3global Service;

"New Address” the address specified by a Redirection Customer as that to which mail should be redirected (as subsequently amended by Royal Mail, if necessary, to ensure that the address information is correct for Royal Mail's postal purposes);

"Non-Redirection Data” data collected from databases or sources other than the Redirection Forms;

"Old Address” the address specified by a Redirection Customer as that from which mail should be redirected (as subsequently amended by Royal Mail, if necessary, to ensure that the address is correct for Royal Mail's postal purposes);

"Permitted Purpose" to search for and identify Matches in order to find out where a mail redirection is or has been in place or is pending in the name of an Applicant for the explicit purpose of verifying the identity of the Applicant for the prevention of fraud including cases of money laundering and impersonation of the Applicant;

"Redirection Customer” a customer of the Redirection Service;

"Redirection Data” data collected from the Redirection Forms completed by Redirection Customers.

"Redirection Form” the application form completed by individuals who wish to use the Redirection Service; and

"Redirection Service" Royal Mail's redirection service provided to members of the public who wish to have mail which is addressed to them forwarded from their Old Address to their New Address.

2. LICENCE

2.1. In consideration of the Client complying with these Minimum Terms, GBG grants to the Client a non-exclusive, non-transferable, revocable sub-licence to access and use the NCOA® Alert Data Services accessed as part the ID3global Service for the Permitted Purpose.

2.2. The Client shall not:
a. Sell, deal, transfer, sub-license, distribute, commercially exploit or otherwise make the NCOA® Alert Data Services or NCOA® Alert Data available to third parties or for the benefit for third parties or use for the benefit of third parties other than in accordance with these Minimum Terms.
b. Copy, adapt, alter, modify, or otherwise interfere with the results of the NCOA® Alert Data Services or combine the same with other materials or data.
c. Assign, sub-contract or otherwise deal with this Agreement for the NCOA® Alert Data Services or any part of it.
d. Retain any information relating to Matches on Applicant Records or credit files, provided that, by way of exception and where relevant, the Client may separately retain information on Matches only for a period of up to a maximum of five years from the date of termination of the relevant customer relationship in so far as and for as long as this is necessary to comply with the Financial Services and Markets Act 2000, any statutes, statutory instruments, regulations, rules, guidance or codes of practice (and modifications and/or re-enactments of the same) issued by the Financial Services Authority and/or issued pursuant to any EU Directives on Money Laundering (including but not limited to the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2003 SI 2003/3075, and the Joint Money Laundering Steering Group guidance).
e. Withhold any product or service from an Applicant solely on the basis of the results of the NCOA® Alert Data Services.

2.3. The Client shall comply in full at all times with all requirements concerning the Decryption Process set out within the Agreement with GBG and ensure that all details of the Decryption Process are only provided to employees on a strictly "need to know" basis and for use only in accordance with the Permitted Purpose. All details concerning the Decryption Process are treated as confidential at all times.

3. LIABILITY

3.1. In signing this Agreement incorporating these Minimum Terms the Client accepts that it shall be directly liable to Royal Mail for any breach of these Minimum terms and it shall indemnify and keep indemnified Royal Mail against all losses, costs, claims and damages suffered or incurred by Royal Mail directly or indirectly as a result of a breach of any provision of these Minimum Terms.

3.2. The Client acknowledges and accepts that that Royal Mail does not warrant the accuracy and/or completeness of the NCOA® Alert Data and that Royal Mail will not be liable to the Client for any loss or damage (whether direct or indirect or consequential) however arising from the Client’s use of, or performance of, the NCOA ® Alert Data Services or the ID3global Service, with the exception of death or personal injury caused by Royal Mail's negligence.

3.3. Nothing in this Agreement or the Minimum Terms shall be interpreted as an obligation on Royal Mail to provide NCOA® Alert Data Services or related services directly to the Client.

4. INTELLECTUAL PROPERTY RIGHTS

4.1. The Intellectual Property Rights in NCOA® Alert Data used as part of the NCOA® Alert Data Services shall remain at all times the property of Royal Mail.

4.2. The Client shall not do or permit the doing of anything within its control which will prejudice in any way whatsoever the name of Royal Mail or the rights of Royal Mail in the NCOA® Alert Data.

4.3. The Client undertakes to give immediate notice to Royal Mail if it becomes aware of anything which may prejudice the name of Royal Mail or the rights of Royal Mail in the NCOA® Alert Data and/or any unauthorised use of the NCOA® Alert Data or any other of the Intellectual Property Rights of Royal Mail.

5. DATA PROTECTION

5.1. The Client shall comply with the requirements of the Data Protection Act 1998 and related statutory instruments, regulations or codes or practice ("DPA") as they apply to the Client’s use of the NCOA® Alert Data Services received through its use of the ID3global Services.

5.2. The Client undertakes that it will not do anything or omit to do anything which would place GBG or Royal Mail in breach of the DPA.

6. GENERAL

6.1. GBG may suspend or terminate the Client’s licence to use the NCOA® Alert Data Services with immediate effect at any time if the Client fails to comply with any of these Minimum Terms or if GBG’s agreement with Royal Mail is terminated. The Client further acknowledges that GBG may cease to supply or modify the NCOA® Alert Data Services where Royal Mail is required to cease or change the supply of NCOA® Alert Data by law or by a relevant regulatory body.

6.2. The Client acknowledges and agrees that these Minimum Terms are given for the benefit of Royal Mail and that Royal Mail may enforce the benefits conferred on it under these Minimum Terms as if it were a party to this Agreement, in accordance with the Contracts (Rights of Third Parties) Act 1999. The Client further acknowledges and agrees that Royal Mail shall bring any action for any unauthorised use of its Intellectual Property Rights in the NCOA® Alert Data on its own behalf. Except as set out in this paragraph, a person who is not a party to the Agreement may not enforce any of its provisions under the Contracts (Rights of Third Parties) Act 1999.

6.3. These Minimum Terms are governed by English Law.

APPENDIX 13 – FRENCH DATA SERVICES

The data that GBG uses to provide item check (0331) is supplied by GBG’s French data partner. Under the terms of its agreement with this partner the supply of the French Data Services can be terminated upon GBG providing the Client with 6 months’ notice.

APPENDIX 14 – BELGIAN DATA SERVICES

The data that GBG uses to provide item check (0328) is supplied by GBG’s Belgian data partner. Under the terms of its agreement with this partner the supply of the Belgian Data Services can be terminated upon GBG providing the Client with 12 months’ notice.

APPENDIX 15 – INDIAN DATA SERVICES

The data that GBG uses to provide item check (0323) is supplied by GBG’s Indian data partner. Under the terms of its agreement with this partner the supply of the Indian Data Services can be terminated upon GBG providing the Client with 6 months’ notice.

APPENDIX 16 – FRAUDSCREEN SERVICE

The data that GBG uses to provide item check (0236) is supplied by GBG’s Fraudscreen Service partner. GBG is obliged under the terms of its agreement with its Fraudscreen Service partner to ensure that all Clients agree to comply with the following provisions:

The Fraudscreen Service is provided by Fraudscreen Limited of 22 Friars Street, Sudbury, Suffolk, CO10 2AA (“Fraudscreen”). GBG is authorised by Fraudscreen to enter into agreements on its behalf in relation to this part of the Service. The following terms will, once the Client’s Order Form has been accepted by GBG as agent for and on behalf of Fraudscreen, constitute a binding contract between the Client and Fraudscreen and will be directly enforceable by Fraudscreen.

APPENDIX 17 - SINGAPORE FINANCIAL

The data that GBG uses to provide item check (0326) is provided by one of GBG’s Singaporean data partners. GBG is obliged under the terms of its agreement with this partner to ensure that all Clients agree to comply with the following provisions: 

1. PRICING
1.1. The data supplier shall be entitled to increase its price for the Service in line with any price increase from any of its data suppliers. Additionally the data supplier is entitled to increase its prices no more than once per year limited to a maximum of 15%.
1.2. Should the data supplier increase its fees, GBG shall, on providing 30 days’ notice to the Client, be entitled to increase its prices by the same amount.

2. TERMINATION
2.1. Under the terms of its agreement with the Data Partner the supply of the Singapore Financial Data Services can be terminated upon GBG providing the Client with four (4) months’ notice.

APPENDIX 18 – SINGAPORE POPULATION

The data that GBG uses to provide item check (0325) is provided by one of GBG’s Singaporean data partners. Under the terms of its agreement with this data partner, the Singapore Population Services can be terminated upon GBG providing the Client with 12 months’ written notice.

APPENDIX 19 – MALAYSIA CREDIT

The data GBG uses to provide item check (0326) is supplied by one of GBG’s Malaysian data partners. Should the data supplier increase its fees, GBG shall, on providing six (6) months’ written notice to the Client, be entitled to increase its prices by the same amount. Any price increase will be capped at 5%.

APPENDIX 20 – US MOBILE DATA

The data GBG uses to provide item check (0340) is supplied by US Mobile Data Supplier. Under the terms of its agreement with the data supplier, GBG is obliged to ensure that all Clients accept and agree to the following provisions:

1. USE OF THE DATA

1.1. The Client will immediately notify GBG of, and be fully responsible for, any unauthorised collection, storage, disclosure, use of and access to sensitive information.
1.2. The Client may only use the Service for its own internal business purposes. The data provided may not be disclosed or provided to any third party.
1.3. Prior to accessing the service the Client must get prior consent from the applicable mobile carriers using authorised forms supplied by account manager as part of the due diligence process.
1.4. The US Mobile Data will be provided only with respect to those mobile carriers and data sources that have authorized the use of such data in connection with the provision of Services, and then only to the extent and for the period that such service or data is available or provided by such mobile carriers and data sources.
1.5. The US Mobile Data Supplier shall have the right to discontinue any data source at any time.
1.6. No authorization is given to the Client and no right is conferred to the Client to use any US Mobile Data provided as part of the Service except for the sole purpose of validating a customer’s identity for the purposes of fraud avoidance, identity verification, transaction authentication, or account origination in connection with commercial transactions undertaken by the customer with the Client.
1.7. The Client will comply with all data security, marketing and consumer protection laws that apply to the collection, access, disclosure, and use of Personal Data and will not cause the US Mobile Data Supplier or any mobile carrier to be in violation of any such applicable laws. Additionally, the Client will comply with (a) applicable industry standards and practices and (b) any reasonable and customary privacy-related policies or guidelines within thirty (30) calendar days of receipt of such policies or guidelines from the US Mobile Data Supplier. If Client conducts any direct marketing, it may not rely on any exception to any law governing direct marketing (e.g. the established-business-relationship rule) without first getting the written approval of the US Mobile Supplier Data Supplier.

2. LIABILITY

2.1. The US Mobile Data may not be used to obtain, collect or otherwise submit inquiries with respect to any person under the age of 13, and the Client shall not submit any inquiry, make any API call, or otherwise seek to obtain such information from the US Mobile Data Supplier. The Company shall indemnify, defend and save the US Mobile Data supplier harmless from any loss, damage, cost or expense incurred by the US Data Supplier arising out of or in connection with any violation of the forgoing provision or any violation of the Children’s Online Privacy Protection Act of 1988 (COPPA) or any rules, regulations or orders adopted thereunder.

APPENDIX 21 – GLOBAL MOBILE DATA

The data GBG uses to provide item check (0345) is supplied by one of GBG’s Global data partners. The data partner may increase its fees for the Service on not less than six months’ written notice. Any fee increase will be limited to a maximum of 5% and will occur no more than once per year.

APPENDIX 22 – GLOBAL MOBILE DATA

The data GBG uses to provide item check (0334) is supplied by GBG’s Polish data partner. Under the terms of its agreement with the data partner GBG is obliged to ensure that all Clients accept and agree to the following provisions:
1.1. The supply of Polish Data Services can be terminated upon GBG providing the Client with six months’ written notice.
1.2. Should the data supplier increase its fees, GBG shall, on providing six (6) months’ written notice to the Client, be entitled to increase its prices by the same amount. This price increase will occur no more than once per year.

APPENDIX 23 – ENTITLEMENT TO DRIVE CHECK

The data that GBG uses to provide item check (0337) is supplied by the DVLA. Under the terms of its agreement with this partner the supply of the Entitlement to Drive Check can be terminated upon GBG providing the Client with 6 months’ notice.

1. Definitions

1.1. In these terms and conditions, unless the context clearly indicates otherwise:
“Applicant” means the individual who is the subject of the driving licence check.
“Entitlement to Drive Check” means the service provided by GBG to the Client in order to determine the entitlement to drive of the Applicant who has completed the eConsent process. The Entitlement to Drive Check uses information about that Applicant’s driving record made available to GBG under licence from the Driver Vehicle and Licensing Agency (DVLA) in Swansea. The DVLA is an external agency. The check will be carried out on the Client’s behalf and the results made available to the Client.
“eConsent” means the online process whereby an Applicant provides their consent via a tick box on the Client’s website completing using Second Factor Authentication and completing an ID check, for the Entitlement to Drive Check to be performed.
“Second Factor Authentication” means the two factor authentication process as detailed by GBG from time to time, that requires not only submission of the Applicant’s details but also a second level of verification which can be completed through email or SMS.

2. Supply of the Entitlement to Drive Check

2.1. The Client is responsible for:
(a) obtaining the informed express consent (permission) of the relevant individuals prior to the Entitlement to Drive Check being performed in the form as specified by GBG from time to time;
(b) the accuracy of the Client Information and ensuring that the Applicant has properly supplied the information required to provide the Entitlement to Drive Check and will be liable for any additional fees or Charges that may be incurred through the provision of incomplete or inaccurate information.
2.2. The Client must inform the Applicant that their information will be supplied to ‘GB Group PLC’ to perform the Entitlement to Drive Check and that the Applicant’s submission of their information to the Client’s and completion of the eConsent process is consent for GBG to perform the Entitlement to Drive Check.
2.3. The Client must not use the Entitlement to Drive Check in order to view their own DVLA record. There must be separation between the data subject and the data obtained via the service.
2.4. The Client Information is supplied on the explicit basis that it should not be used for identity checking of any kind. If agreement is obtained from DVLA to provide data to a third party, it is essential that this data is only used to check entitlement to drive. The driver must be made fully aware of who is access his/her information.
2.5. In submitting an Applicant’s details to GBG the Client is warranting that that the Applicant has correctly completed the eConsent process.

3. Liability

3.1. GBG will not be liable for any loss or damage whatsoever for failure or delays in the provision of the Entitlement to Drive Check in contract or for negligence where:
(a) the Client Information including but not limited to any eConsent is incomplete, incorrect, illegible, in the wrong format or is otherwise defective or it fails to arrive or is delayed in transmission or arrival or due to any fault on the Client’s part; and/or
(b) where any delay or failure on GBG’s part to perform the Service is due to causes beyond GBG’s reasonable control.

4. Intellectual Property Rights

4.1. The Client acknowledges that it shall not use or unfairly compete with any trademarks, symbols and/or devices which incorporate or are confusingly similar to, or are a simulation or colourable imitation of, the brands, logos or trademarks of the external agency (being the DVLA). The Client agrees that it shall not during the period of this Agreement, apply anywhere in the world to register, any DVLA brand, logo or trademarks identical to or so nearly resembling the same as to be likely to deceive or cause confusion.

5. Audit Rights

5.1. The Client acknowledges that:
(a) GBG will retain records of the performance of the Service for a minimum period of 7 years from the date of signature the completed driver Mandate; and
(b) GBG may be subject to audits carried out by the Comptroller and/or General Auditor under the National Audit Act 1983 and the Client acknowledges that it may, if necessary, be required to assist in the provision of information (oral or written) in relation to any such audit.

6. Termination and Suspension

6.1. The external agency providing the Entitlement to Drive Check (DVLA) reserves the right to suspend access to the service pending investigation of any claim(s) by an Applicant that they did not provide informed consent to the check or where the DVLA audit indicates that the check(s) were improperly consented.

6.2. GBG reserves the right to suspend the provision of the Entitlement to Drive Check if or if it suspects that the Client is not or has not obtained the correct Applicant consent to allow GBG to perform the Entitlement to Drive Check.

6.3. If any third party or third party data feeds or any other facilities cease to be supplied or available to GBG and this impacts on GBG’s ability to supply the Entitlement to Drive Check, GBG will use reasonable endeavours to find an alternative supplier for these Service on the same or similar commercial terms. In the event that GBG is unable to find an alternative at an acceptable cost to both Parties, either Party may terminate this part of the Service.

1. DEFINITIONS

1.1. The following definitions apply to this Schedule. Any term not defined herein shall have the definition ascribed to it in the Schedule, unless the context indicates otherwise.

"Agreed Delivery Dates" means the dates on which the parties agree that the Member Data shall be transferred as set out in Schedule 1 or as otherwise agreed between the parties;

"Agreed Delivery Methods" means the formats and methods of transfer for the Member Data as set out in Schedule 1 or as otherwise agreed between the parties;

"Applications Coding Service" means the coding of the Applications Data against the Database as described in Schedule 2;

"Applications Data" means new applications data to be provided by the Member to Fraudscreen as described in Schedule 1;

"Bureau Charges" means the charges payable by the Client for the Bureau Services;

"Bureau Services" means the bureau services in connection with the Pre-Mailing Coding Service as described in Schedule 2;

"Codes" means the codes (whether express or implied) which are applied to the Applications Data, Pre-Prospecting Data, Collections Data and/or Recoveries Data, including without limitation the Strategy Format Codes and any other codes, as applicable in the provision of the Services and which are owned by Fraudscreen;

"Collections Coding Service" means the coding of Collections Data against the Database as described in Schedule 2;

"Collections Data" means the data to be supplied by the Client for coding against the Database prior to taking collections action as described in Schedule 1;

"Commencement Date" means the date on which once the Client’s Order Form has been accepted by GBG;

"Database" means the database established and maintained by Fraudscreen using Member Data and data contributed by other User Group Members;

“Data Controller” has the meaning set out in the Data Protection Act 1998;

"Data Processor" has the meaning set out in the Data Protection Act 1998;

"Data Subject" means an individual who is the subject of Personal Data;

“End User” means an end user who obtains products or services constituting or incorporating the Fraudscreen Services from a User Group Member;

"Existing Data" the existing data to be supplied by the Client as described in Schedule 1;

"Fraudscreen Service" means the provision of such of the Applications Coding Service, the Pre-Prospecting Coding Service, the Bureau Services, the Collections Coding Service, the Recoveries Coding Service and any other services;

"Intellectual Property Rights" means all patents, copyrights and related rights, database rights, design rights, trademarks, service marks, trade names, domain names, rights in reputation, goodwill, rights in undisclosed or confidential information (such as know-how, trade secrets and inventions) and other rights of a like nature (whether registered or unregistered) and all applications for such rights as may exist anywhere in the world;

"Member Data" means all the data which is provided by the Client under this Schedule including without limitation where applicable the Existing Data, Applications Data, Quarterly Data, Pre-Prospecting Data, Collections Data and Recoveries Data and any other data agreed between the parties;

"Member End User" means the Client’s End Users (if applicable);

"Member Personal Data" means any Member Data which is Personal Data;

“Non Personal Data” means any data derived from Member Data and data of other User Group Members which does not fall within the definition of Personal Data;

"Personal Data" has the meaning set out in the Data Protection Act 1998;

"Pre-Prospecting Coding Service" means the coding of Pre-Prospecting Data against the Database as described in Schedule 2;

"Pre-Prospecting Data" means the data to be supplied by the Client for coding against the Database prior to a mailing as described in Schedule 1;

"Processing" has the meaning set out in the Data Protection Act 1998 and "Processes" shall be construed accordingly;

"Purpose" means the prevention or detection of fraud, incorrect identity, risk assessment and related purposes and strictly in accordance with the Fraudscreen Service.

"Recoveries Coding Service" means the coding of Recoveries Data against the Database as described in Schedule 2;

"Recoveries Data" means the data to be supplied by the Client for coding against the Database prior to taking recoveries action as described in Schedule 1;

"Quarterly Data" means the applications data to be provided by the Client to Fraudscreen as described in Schedule 1;

"Service Levels" means the service levels set out in Schedule 3;

"Strategy Format Code" the classification based on Codes (whether express or implied) which segment Collections Data and the Recoveries Data for use by the Client and which are owned by Fraudscreen;

"Term" means the period during which this Appendix 16 is in force in accordance with Clause 11 below;

"Third Party" means a third party to whom Fraudscreen provides products and services excluding User Group Members and End Users;

"User Group Members" means organisations that have entered into an agreement with Fraudscreen on terms similar to those set out in this Appendix 16, including without limitation the Client.

2. PROVISION OF MEMBER DATA AND STATUS OF THE PARTIES

2.1. The Client agrees to provide the Member Data to Fraudscreen on the Agreed Delivery Dates and by the Agreed Delivery Methods at its own expense.

2.2. Fraudscreen shall act as a Data Processor on the Client’s behalf for Member Personal Data and for any Personal Data contained in the Codes and provided as part of the Fraudscreen Service. Each User Group Member remains a Data Controller for any Personal Data that it provides to Fraudscreen.

2.3. Fraudscreen shall incorporate the Member Data into the Database.

3. LICENCE

3.1. In consideration of the receipt of the Fraudscreen Service, the Client hereby grants Fraudscreen a royalty-free, exclusive, non-transferable, perpetual and irrevocable licence to use the Member Data on the terms and conditions set out in this Schedule including:
a. for the purpose of building individual customer payment quality profiles on behalf of User Group Members; and
b. for the purpose of developing and providing products and services to Third Parties.

3.2. Without limitation to Clause 3.1 the Client acknowledges and agrees that once incorporated into the Database, Fraudscreen shall have the right to use the Member Data:

a. to provide Fraudscreen Service to User Group Members and that some User Group Members may (with the prior written consent of Fraudscreen) incorporate the Fraudscreen Service into products and services provided to End Users; and

b. to provide products and services to Third Parties provided that in relation to Member Data such products and services incorporate only Non Personal Data and do not disclose any Member Personal Data.

3.3. Without limitation to Clause 3.1, Fraudscreen shall have the right to use the Member Data for the purposes of testing, including without limitation testing for potential new User Group Members.

4. FRAUDSCREEN SERVICE

4.1. Fraudscreen undertakes to:
a. ensure that the Fraudscreen Service is performed in a workmanlike and professional manner using the skill, care and diligence expected of a well experienced service provider; and
b. ensure that the Fraudscreen Service is provided by persons who are suitably qualified for and competent to perform the tasks which fall within their respective responsibilities.

5. USE OF CODES AND FRAUDSCREEN SERVICE

5.1. The Client acknowledges that in generating and holding the Codes and providing the Fraudscreen Service, Fraudscreen acts as a Data Processor on behalf of each individual User Group Member and each individual User Group Member acts as a Data Controller for its Personal Data.

5.2. The Client acknowledges that its permission to use the Codes and Fraudscreen Service is limited to the rights and subject to the obligations expressly set out in this Schedule.

5.3. Without limitation to Clause 5.2 the Client agrees to use Codes and Fraudscreen Service provided by Fraudscreen strictly for the Purpose only and not to pass these whether expressly or implicitly to third parties including without limitation its group companies, associated companies, agents or service providers or other User Group Members without the prior written consent of Fraudscreen. The Client may provide products and services constituting or incorporating the Codes and/or Fraudscreen Service to Member End Users (if applicable).

5.4. The Client acknowledges that a Code is a risk assessment and is not financial or credit information related to an individual and that subject to the terms of this Schedule it is the responsibility of the Client as to how it uses the Codes and Fraudscreen Service in applications, targeting, collections or recoveries processes.

5.5. Subject to the Purpose the Client agrees that it will not retain or use any Code for any longer than three months from the date of the Code being provided to it by Fraudscreen. Notwithstanding this the Client may retain a Code for longer than three months but no longer than twelve months strictly for the additional purpose of retrospectively analysing historic performance.

6. INTELLECTUAL PROPERTY RIGHTS

6.1. The parties acknowledge that, except as expressly provided in Clause 3, Clause 5 and Clause 6 neither party shall have or shall acquire any rights under this Schedule in respect of the Intellectual Property Rights or other rights owned by, or licensed by a third party to, the other party.

6.2. Without limitation to Clause 6.1:
a. The Member Data and all Intellectual Property Rights comprised in the Member Data shall remain the Client’s property;
b. The Database (including the structure, format and compilation thereof), Codes and all Intellectual Property Rights comprised therein and all Intellectual Property Rights arising as a result of the provision of the Fraudscreen Service or comprised in any other products or services developed by Fraudscreen shall remain at all times vested in and owned by Fraudscreen or its licensors (as the case may be) and nothing under this Schedule shall serve to transfer ownership of any such rights to the Client.
c. The Client shall take all reasonable precautions to ensure the protection of Fraudscreen's Intellectual Property Rights, and shall notify Fraudscreen upon becoming aware of any actual or suspected infringement of such Intellectual Property Rights.

7. CONFIDENTIALITY

7.1. Subject to testing rights set out in clause 3.2, each party (the "Receiving Party") recognises that under this Appendix it may receive confidential or proprietary information belonging to the other (the "Disclosing Party"). All such information which is designated as confidential or which is otherwise clearly confidential in nature (including, but not limited to, the Codes), constitutes “Confidential Information”.

7.2. The Receiving Party agrees not to use Confidential Information for any purpose other than the purpose for which it is supplied under this Schedule and agrees not to divulge Confidential Information to any of its employees who do not need to know it, and to prevent its disclosure to or access by any third party without the prior written consent of the Disclosing Party except as may be required by law or any legal or regulatory authority.

7.3. Each party shall ensure that it places its employees, agents and sub-contractors under an obligation of confidentiality in terms no less onerous than those contained in this Appendix. In particular, without limitation, where Fraudscreen provides the Fraudscreen Service on a RealTime basis accessible by employees of the Client, the Client shall ensure that:
a. its employees, agents or sub-contractors only access the Fraudscreen Service using the password provided and are under an obligation to keep any password safe and not to allow others to access the Fraudscreen Service using their password;
b. its employees, agents or sub-contractors are aware that the Codes are the Intellectual Property Rights of Fraudscreen and that they must not use the Codes otherwise than in accordance with the Schedule.

7.4. Each party shall indemnify and keep indemnified the other against all actions, claims, demands, proceedings, damages, costs, charges and expenses whatsoever in respect of any breach by the Receiving Party of this Clause.

7.5. Each party's obligations under this Clause shall continue to subsist notwithstanding expiry or termination of the Client’s Agreement with GBG.

8. PERSONAL DATA

8.1. The Client hereby appoints Fraudscreen as Data Processor in relation to Member Personal Data which Fraudscreen Processes in order to perform the Fraudscreen Service and authorises Fraudscreen to appoint sub-contractors as further Data Processors on the Client’s behalf provided that such further Data Processors are engaged on terms providing equivalent rights to the Client against the further Data Processors and equivalent protections in relation to such Member Personal Data to those set out in this Appendix.

8.2. The Client hereby authorises Fraudscreen to allow other User Group Members and End Users to use data generated from the Database on terms that provide no less protection than this Appendix and to allow Fraudscreen to provide products and services to Third Parties to the extent these constitute only Non Personal Data and do not disclose any Member Personal Data.

8.3. Fraudscreen:
a. will Process Member Personal Data only on the Client’s behalf in compliance with the Client’s instructions and this Schedule;
b. will take reasonable steps to ensure the reliability of those of its employees who are used to Process Member Personal Data and Codes under this Appendix;
c. will promptly notify the Client about:

d. will deal promptly and properly with all inquiries from the Client relating to Fraudscreen’s Processing of Member Personal Data and Codes;
e. will not disclose Member Personal Data or Codes to a third party in any circumstances other than as set out in this Schedule, or where obliged to do so under any statutory or legal requirement;
f. will not transfer Member Personal Data or Codes to a country which does not provide adequate protection, as determined by the Data Protection Act 1998, without the prior written consent of the Client such consent not to be unreasonably withheld or delayed;
g. will allow the Client to inspect Fraudscreen's systems, data Processing facilities, procedures and documentation relating to Member Personal Data and Codes, and those of its sub-processors in order to ascertain compliance with the terms of this Clause 8 provided that any inspection shall be on reasonable notice within working hours and not more frequently than once per calendar year unless there has been a complaint by a Data Subject or a regulator or a breach of security in which case further inspections may be conducted. Each party shall bear its own costs of any such inspection which shall be carried out with the minimum of disruption to Fraudscreen's (and its sub-processors') business and in any event without any material adverse impact on Fraudscreen's ability to deliver the Fraudscreen Service; and
h. will, on request by the Client, promptly provide information which the Client requires in order to comply with:

8.4. Fraudscreen warrants that it has appropriate operational and technological processes and procedures in place to safeguard against any unauthorised access, loss, destruction, theft, use or disclosure of Member Personal Data and Codes.

8.5. The Client warrants that it is notified under the Data Protection Act 1998, that Member Personal Data has been fairly and lawfully obtained in a way which allows use by Fraudscreen, User Group Members and End Users in accordance with this Appendix 16 and that the Client will use the Codes and Fraudscreen Service in accordance with the Data Protection Act 1998.

8.6. The Client agree to indemnify Fraudscreen against any costs, claims, damages expenses, liabilities or losses which Fraudscreen may incur as a result of Fraudscreen's use of the Member Data, provision of the Codes and/or Fraudscreen Service in accordance with this Appendix 16.

9. LIABILITY AND INDEMNITY

9.1. Save as set out in this Appendix or as may be otherwise prohibited by law, Fraudscreen offers no warranties or indemnities in respect of the Codes or the Fraudscreen Service and all conditions or warranties, whether written or oral, express or implied, by statute, at common law or otherwise, including any warranties or conditions of satisfactory quality or fitness for purpose are excluded to the fullest extent permitted by law.

9.2. The Client acknowledges that Fraudscreen has no control over the accuracy of any data provided to it and consequently it cannot offer any guarantees that data provided to the Client will be accurate.

9.3. Nothing contained in this Appendix shall restrict either party's liability for death or personal injury resulting from any act, omission, or negligence of that party or its officers, agents, employees or sub-contractors or either party's liability for fraud or fraudulent misrepresentation or for any other liability for which it is not permissible to limit or exclude by operation of law.

9.4. Subject to Clauses 9.3, 9.5 and 9.6 Fraudscreen will have no liability to the Client for any claim to the extent that the claim is or can be characterised as a claim for or arising from:

a. any loss (whether direct or indirect) of revenue profits or anticipated savings;


b. any loss (whether direct or indirect) of goodwill or injury to reputation;


c. any loss (whether direct or indirect) of business opportunity;


d. any loss (whether direct or indirect) of or corruption to data;


e. any losses (whether direct or indirect) suffered by third parties; or


f. indirect, consequential or special loss or damage, in each case arising out of or in connection with this Schedule regardless of the form of action, whether in contract, strict liability or tort (including negligence) or otherwise and regardless of whether Fraudscreen knew or had reason to know of the possibility of the loss, injury or damage in question.

9.5. Subject to Clauses 9.3, 9.4 and 9.6 the aggregate liability of Fraudscreen in respect of all causes of action arising out of or in connection with this Schedule (whether for breach of contract, in negligence or otherwise) shall not exceed the amount paid by the Client to Fraudscreen for the Fraudscreen Service.

9.6. Notwithstanding Clauses 9.4 and 9.5 and subject to Clause 9.3 no limitation of either party's liability shall apply to any claim for damages or otherwise arising from breach of either party's confidentiality obligations under Clause 7.

9.7. Notwithstanding Clause 9.5 and subject to Clause 9.3 no limitation of the Client’s liability shall apply to any claim for damages or otherwise arising from:

i. Any commercial exploitation of the Codes and/or the Fraudscreen Service and/or the Client’s use of the Codes and/or the Fraudscreen Service in breach of the terms of this Schedule;
j. The Client’s infringement of Fraudscreen's Intellectual Property Rights; or the indemnity for Fraudscreen's use of the Member Data under Clause 8.5.

10. TERM AND TERMINATION

10.1. Either party may suspend the Fraudscreen Services by 30 days written notice to the other if the other commits any material breach of any of the terms contained within this Schedule and (if capable of remedy) fails to remedy such breach within a period of 30 days from the date of receipt of written notice from the other party requiring the breach to be remedied.

10.2. Fraudscreen and the Client may terminate the provision of the Fraudscreen Services forthwith by notice in writing to the other if the other:

a. goes into liquidation (other than a solvent voluntary liquidation for the purposes of an amalgamation or reconstruction);
b. is unable to pay its debts within the meaning of the Insolvency Act 1986 Section 123;
c. has a receiver or administrator or an administrative receiver appointed or notice of intention to appoint an administrator is given or administration order made over or in respect of its assets which is not discharged within 14 days;
d. enters into or proposes to enter into any voluntary arrangements within the meaning of the Insolvency Act 1986;
e. a moratorium comes into force pursuant to Schedule A1 of the Insolvency Act 1986;
f. anything analogous to any of the foregoing under the law of any relevant jurisdiction occurs in relation to that other party; or
g. that other party ceases, or threatens to cease, to carry on business.

10.3. Upon expiry or termination of the Fraudscreen Services the Client must immediately stop using the Codes, Fraudscreen Service and any other Confidential Information belonging to Fraudscreen. The Client must within 28 days of the date on which expiry or termination of the Fraudscreen Services takes effect either, at the request of Fraudscreen, return all such data to Fraudscreen or delete and destroy all Codes and Confidential Information, to the extent that it is capable of being deleted or destroyed, and confirm in writing to Fraudscreen (in a form reasonably acceptable to Fraudscreen) that this has been done.

10.4. Upon expiry or termination of the Fraudscreen Services, Fraudscreen must immediately stop using the Member Data, Member Personal Data and any other Confidential Information belonging to the Client (other than to the extent this forms part of the Codes, Fraudscreen Service or other Fraudscreen products or services). Fraudscreen must within 7 days of the date on which expiry or termination of this Schedule takes effect either, at the request of the Client, return to the Client all such data or delete and destroy all such information, to the extent that it is capable of being deleted or destroyed, and confirm in writing to the Client (in a form reasonably acceptable to the Client) that this has been done.

10.5. Termination of the Fraudscreen Services shall not affect any obligations by either party to the other which are outstanding as at the effective date of termination nor any of the provisions of the Client’s Agreement with GBG (including terms contained within this Schedule) which are to survive termination.

10.6. For the avoidance of doubt, the Client’s agreement with Fraudscreen will terminate immediately once the Client’s agreement with GBG has terminated. It will also terminate in the event that GBG's agreement with Fraudscreen terminates for whatever reason.

11. GENERAL

11.1. Force Majeure
a. Neither party shall be deemed to be in breach of this Agreement or otherwise be liable to the other by reason of any delay in performance or non-performance of any of its obligations hereunder other than a payment obligation to the extent that any such delay or non-performance arises from any cause or causes beyond its reasonable control including, without limitation, any of the following: Act of God, governmental act, war, fire, flood, explosion or civil commotion.
b. If the period of incapacity exceeds 6 months then this Agreement shall automatically terminate unless the parties first agree otherwise in writing.

11.2. Entire Agreement
a. Except as set out on the Order Form, this Agreement constitutes the entire agreement and understanding between the parties in respect of the matters dealt with in it and supersedes any previous agreement between the parties relating to such matters notwithstanding the terms of any previous agreement or arrangement expressed to survive termination.
a. Each of the parties acknowledges and agrees that in entering into this Agreement, and the documents referred to in it, it does not rely on, and will have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether party to this Agreement or not) other than as expressly set out in this Agreement. The only remedy available to it for breach will be for breach of contract under the terms of this Agreement. Nothing in this Clause 11.2 shall exclude or limit liability for fraud or fraudulent misrepresentation.

11.3. Dispute resolution
a. If any dispute arises in connection with this Agreement, directors or other senior representatives of the parties with authority to settle the dispute will, within 14 days of a written request from one party to the other, meet in a good faith effort to resolve the dispute.
b. If the dispute is not resolved at that meeting, the parties will attempt to settle it by mediation in accordance with the CEDR Model Mediation procedure. Unless otherwise agreed between the parties, the mediator will be nominated by CEDR. To initiate the mediation a party must give notice in writing ("ADR notice") to the other party to the dispute requesting a mediation. A copy of the request should be sent to CEDR Solve. The mediation will start not later than 21 days after the date of the ADR notice.
c. The commencement of a mediation will not prevent the parties commencing or continuing court proceedings

11.4. Governing law and jurisdiction
a. This Agreement shall be governed by and construed in accordance with the laws of England.
b. Subject to clause 11.3 above, each party irrevocably agrees to submit to the exclusive jurisdiction of the courts of England over any claim or matter arising under or in connection with this Agreement.

11.5. Notices: Notices shall be in writing, and sent to the other party marked for the attention of the person at the address set out for each party in this Agreement. Notices may be sent by first-class mail or facsimile transmissions provided that facsimile transmissions are confirmed within 24 hours by first-class mailed confirmation of a copy. Correctly addressed notices sent by first-class mail will be deemed to have been delivered 72 hours after posting and correctly directed facsimile transmissions will be deemed to have been received instantaneously on transmission provided that they are confirmed as set out above.

11.6. No modification: No variation of this Agreement or any of the documents referred to in it will be valid unless it is in writing and signed by or on behalf of each of the parties.

11.7. Legal or regulatory changes. In the event of any legal or regulatory changes or decisions, including without limitation a decision from the Information Commissioner, that may affect the operation of this Agreement, the parties agree to negotiate in good faith to amend this Agreement so as to retain its commercial effect.

11.8. Waiver: No forbearance or delay by either party in enforcing its rights will prejudice or restrict the rights of that party, and no waiver of any such rights or of any breach of any contractual terms will be deemed to be a waiver of any other right or of any later breach.

11.9. Severance: If any provision of this Agreement is judged to be illegal or unenforceable, the continuation in full force and legal effect of the remainder of the provisions will not be prejudiced.

11.10. Assignment and sub-contracting
a. Neither may sub-licence, assign or transfer in any way any of its rights, liabilities and/or obligations under this Agreement on a temporary or permanent basis to any third party without the prior written consent of the other.
b. Notwithstanding Clause 11.10(a), Fraudscreen may appoint sub-contractors to carry out processing activities on its behalf in relation to the Member Personal Data, provided that it makes any such appointments in accordance with Clause 10.1.

11.11. Partnership: Nothing in this Agreement is intended to create a partnership or joint venture of any kind between the parties, or to authorise either party to act as agent for the other. except where explicitly stated on the Order Form . Save where expressly so stated in this Agreement neither party will have authority to act in the name or on behalf of or otherwise to bind the other.

11.12. Benefit of Agreement: No term of this Agreement is intended to confer a benefit on, or be enforceable by, any person who is not a party to the Agreement (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise).

12. SCHEDULE 1 - MEMBER DATA

12.1. Existing Data: The Client agrees to provide Fraudscreen with the following categories of data for newly recruited customers in the period 1 January 2004 until the Commencement Date:
a. application information including full names, addresses, postcodes, email addresses (where available)
b. account data and trading history as agreed between the parties prior to the Commencement Date
c. such other data as supplied by the Client.

12.2. Agreed Delivery Date for Existing Data: within 30 days of the Commencement Date.

12.3. Agreed Delivery Method for Existing Data: any format and media agreed with the bureau engaged by Fraudscreen to create the Database.

12.4. Quarterly Data: The Client agrees to provide Fraudscreen with the data equivalent to the categories set out above for Existing Data for newly recruited customers since the last provision of Existing Data or Quarterly Data.

12.5. Agreed Delivery Dates for Quarterly Data: by the last Friday of March, June, September, and December

12.6. Agreed Delivery Method for Quarterly Data: any format and media agreed with the bureau engaged by Fraudscreen to create the Database.

12.7. Pre-Prospecting Data: The Client may choose to send Fraudscreen details of individuals for whom the Client wishes to obtain a Code prior to targeting the individual. Such data should comprise names and addresses and such other data as supplied by the Client.

12.8. Agreed Delivery Dates for Pre-Prospecting Data: by agreement from time to time between the Client, Fraudscreen and the bureau engaged by Fraudscreen to carry out the Pre-Mailing Coding Service.

12.9. Agreed Delivery Methods for Pre-Prospecting Data: any format and media agreed with the bureau engaged by Fraudscreen to create the Database.

12.10. Applications Data: The Client may choose to send Fraudscreen new applications data for the provision of the Applications Coding Service. Such data should comprise names and addresses and such other data as supplied by the Client.

12.11. Agreed Delivery Dates for Applications Data: by agreement from time to time between the Client, Fraudscreen and the bureau engaged by Fraudscreen to carry out the Applications Coding Service.

12.12. Agreed Delivery Methods for Applications Data: any format and media agreed with the bureau engaged by Fraudscreen to create the Database.

12.13. Collections Data: The Client may choose to send Fraudscreen details of individuals for whom the Client wishes to obtain a Strategy Format Code to determine actions required to recover late payments. Such data should comprise names and addresses, account balance, payment due date, overdue payment amount and such other data as supplied by the Client.

12.14. Agreed Delivery Dates for Collections Data: by agreement from time to time between the Client, Fraudscreen and the bureau engaged by Fraudscreen to carry out the Collections Coding Service.

12.15. Agreed Delivery Methods for Collections Data: any format and media agreed with the bureau engaged by Fraudscreen to create the Database.

12.16. Recoveries Data: The Client may choose to send Fraudscreen details of individuals for whom the Client wishes to obtain a Strategy Format Code to determine actions required to recover late payments. Such data should comprise names and addresses, account balance, date first overdue including year; amount of last payment and such other data as supplied by the Client.

12.17. Agreed Delivery Dates for Recoveries Data: By agreement from time to time between the Client, Fraudscreen and the bureau engaged by Fraudscreen to carry out the Recoveries Coding Service.

12.18. Agreed Delivery Methods for Recoveries Data: any format and media agreed with the bureau engaged by Fraudscreen to create the Database.

13. SCHEDULE 2 - FRAUDSCREEN SERVICE

13.1. Pre-Prospecting Coding Service: If the Client provides Fraudscreen with Pre-Prospecting Data, Fraudscreen will provide the Client with Codes for each individual on the list. At the Client’s request, Fraudscreen will delete from the lists those individuals for whom certain Codes, pre-defined by the Client, are appropriate. Fraudscreen will return the resulting coded file to the Client.

13.2. Applications Coding Service: If the Client provides Applications Data to Fraudscreen, Fraudscreen will provide the Client with Codes for each individual requested. At the Client’s request in relation to batch files, Fraudscreen will process into a different file those individuals for whom certain Codes, pre-defined by the Client, are appropriate and which the Client may not wish to accept. Fraudscreen will return the resulting coded file(s) to the Client, or at the Client’s request, to its agent.

13.3. Bureau Services: bureau processing services provided by Fraudscreen in connection with the Pre-Prospecting Coding Service.

13.4. Collections Coding Service: If the Client provides Fraudscreen with Collections Data, Fraudscreen will provide, at the Client’s request, Strategy Format Codes for each individual on the list. Fraudscreen will return the resulting coded file(s) to the Client.

13.5. Recoveries Coding Service: If the Client provides Fraudscreen with Recoveries Data, Fraudscreen will provide, at the Client’s request, Strategy Format Codes for each individual on the list. Fraudscreen will return the resulting coded file(s) to the Client.

13.6. Other Services:
a. Fraudscreen may provide consultancy services at additional cost
b. Fraudscreen shall have the right to change the format or specification of the Fraudscreen Service upon giving the Client not less than five (5) days' prior written notice (other than in cases of emergency).
c. Fraudscreen and the Client may agree at any time that additional services shall be provided, in which case the parties shall execute a new Order Form which, when signed and dated by authorised representatives of both parties, shall be deemed to form part of this Agreement and to replace the previous Order Form.

14. SCHEDULE 3 - SERVICE LEVELS

14.1. Applications Coding Service:
a. Batch - Monday to Friday only excluding public holidays – in by 13:00; out by 18:00, assuming all data input and output formats are standard and data is posted to an FTP site. All processing rules will be standard for all clients – i.e. match to database and apply a condition code.
b. RealTime - RealTime is the Applications Coding Service carried out as a web-enabled service. Subject to maintenance or update work as set out below, Fraudscreen shall use reasonable endeavours to provide the RealTime service 24 hours a day 365 days a year.

14.2. Error procedures in the Fraudscreen Real-time Service: The Client shall be responsible for recognising errors and should take action accordingly. An error trapping protocol is in place to trap error, exception and/or timeout messages. Where client web page is reliant on the Fraudscreen service, this programming will overwrite interruption to end users, should the Fraudscreen service experience downtime.

14.3. Pre-Prospecting Coding Service, Collections Coding Service and Recoveries Coding Service: Pre-Prospecting Coding Service, Collections Coding Service and Recoveries Coding Service: Fraudscreen shall ensure that it shall provide the results of the above services to Fraudscreen within a 48 hour turnaround of Fraudscreen receiving the relevant Member Data, or issuing the instructions, whichever occurs later.

14.4. Database Maintenance: Fraudscreen shall ensure that all updating and maintenance of Member Data shall be carried out by its bureau within a 30 day turnaround of Fraudscreen supplying the relevant Member Data, or issuing the instructions, whichever occurs later.

14.5. Essential Maintenance: Fraudscreen may from time to time have to suspend access to the Fraudscreen Service in order to carry out essential maintenance or upgrade work. Except in an emergency or circumstances beyond Fraudscreen's control or as reasonably required by its bureau such work will be carried out with reasonable endeavours within normal working hours and Fraudscreen shall give the Client not less than 2 days' notice in writing.

14.6. Viruses: Fraudscreen does not warrant that the Fraudscreen Service shall be uninterrupted or error free or free from all known viruses but Fraudscreen shall use reasonable endeavours to check for the most commonly known viruses prior to delivery of the Fraudscreen Service but the Client is solely responsible for virus scanning the Fraudscreen Service prior to introduction to its systems

Web Services Agreement

SCHEDULE 1 - STANDARD SUPPORT SERVICES

This section only applies if the Order Form shows that Standard Support Services have been selected. If so, this Schedule 1 will apply in addition to the General Terms and any applicable Additional Terms. Any definition not provided in this Schedule shall have the same meaning as set out elsewhere in the Agreement.

1. DEFINITIONS

1.1. The following definitions apply to this Schedule 1:

“Audit Trail” means an electronic record of the result of the match against the Data Entity received and transmitted across the Web Service Interface for an Identity Verification.

“Business Hours” means the working hours in a Business Day being 0900 to 1700.

“Data Entity” means a logical subset of data, for example, ex-directory indicator and telephone number. The data sent across the Web Service Interface will comprise of a number of Data Entities.

“Identity Verifications” means matching data provided across the Web Service Interface against one or more Reference Databases and returning across the Web Service Interface the outcome of the match(es).

“User Guide” means the user guide for the Service.

“Reference Database and Results Guide” means the GBG database reference guide for use with the Service.

“Pilot Site” means access to the Service via a temporary link to the Web Service Interface for the sole purpose of testing any integration and assessing whether the Service meets the Client’s business requirements.

“Planned Maintenance” means any work planned in advance to be carried out by GBG or on GBG’s behalf that may cause the Service to be temporarily suspended.

“Portal” means the front end interface onto the Web Service Interface which allows a manual Identity Verification to be carried out.

“Reference Database” means a database against which a Data Entity is matched. For Passport and Driving Licence Data Entities, Reference Database is defined as a set of consistency checks and checksum calculations on the provided data, rather than matching against an actual database.

“Version” means a new release in any year of the Web Service Interface (new Versions are provided with a distinct number and letter).

“Web Service Interface” means the programmatic interface through which data is passed by the Client to the Service or the Service passes data to the Client.

2. STANDARD SUPPORT SERVICES

2.1. Day-to-Day System Administration: GBG will perform routine system administration of the Service, including server, network and security monitoring.

2.2. Service Management: The Service is provided 24 hours a day, 365 days per year. GBG will respond to faults GBG detects or which the Client reports to GBG as set out in paragraph 2.4 below.

2.3 Helpdesk: GBG will provide the Client with the contact numbers (either telephone or fax, as appropriate) and email address of designated contact points, which will be the Client’s contact points for placing orders, reporting faults and making inquiries relating to the Service. The Client can use the numbers to contact GBG to report faults 24 hours a day, 365 days a year and to order services or make enquiries during Business Hours.

2.3 Fault Reporting and Fault repair:
a. Any faults in the Service need to be notified to GBG’s Helpdesk via the Client’s System Administrator. The Client will need to use the reporting procedures GBG requires it to use from time to time.
b. If the Client reports a fault in the Service or makes a request for assistance, GBG will immediately undertake an initial assessment, provide a fault reference and discuss and agree with the Client a priority level.
c. Progress updates will occur:-

2.5. Service Restoration: Each of the priorities has the following associated target clearance time:

Service Level Target Impact
Priority 1 faults 80% of faults cleared within 4 hours of GBG’s acknowledgement of the fault. The Service is not operational or is inaccessible.
Priority 2 faults 80% of faults cleared by the end of the next Business Day of GBG’s acknowledgement of the fault Service is degraded, a marked increase in time to access the Service.
A problem causing significant reduction in functionality.
Priority 3 faults 80% of faults cleared within 5 Business Days of GBG’s acknowledgement of the fault. The Service is experiencing minor problems but is functioning substantially.
Priority 4 faults Fix available in the next release of the software Minor problem with the Service but does not impact the Client’s use of the Service.

 

2.6. Disclaimer: GBG will always try to resolve any fault within the appropriate target clearance time, but the Client recognises and accepts that GBG may not be able to do so and that these times are only intended to be targets. In some cases we may need to resolve issues with one of GBG’s global data partners which could involve contact being made with them outside of Business Hours due the time zone differences. In this situation the supplier is required to respond to GBG within the same target response times although their business hours timeframe will be subject to the time zone that they are located in. Should this situation arise, GBG will respond to the Client at the very earliest opportunity.

2.7. Outside of Business Hours: Outside of Business Hours: The Helpdesk will only be available to receive reported faults. The target times will not begin until the start of Business Hours on the next Business Day. With the exception of Priority 1 faults, all other priorities which cannot be resolved by the Helpdesk by the end of Business Hours on the Business Day that GBG acknowledges them will be put on hold until the start of Business Hours on the next Business Day.

2.8. Scheduled Service Time: Scheduled Service Time: The Service is provided on a resilient platform enabling GBG to offer a high level of service which is scheduled to be available 24 hours per day, 7 days per week, 365 days per year. The Service has a target of 98.5% availability within any calendar month. This target excludes all periods of Planned Maintenance or any emergency maintenance or updates. GBG will always try to meet and exceed this monthly target availability. However, the Client accepts, that GBG may not always be able to do so and that this level of availability is only intended to be a target level.

2.9. Planned Maintenance: Planned Maintenance: From time to time, GBG may need to schedule maintenance of the Service. GBG will always endeavour to conduct Planned Maintenance at a time that reduces the impact on the availability of the Service. So, where possible, Planned Maintenance will be conducted during low usage periods outside of Business Hours. If GBG needs to suspend the Service for Planned Maintenance (which GBG would only reasonably expect to be under exceptional circumstances) GBG undertake to give the Client as much advance notice as is practicable.

2.10. Customer Reports: Customer Reports: The Service will allow the System Administrator online access to reports on the Client’s usage and Audit Trail logs.

2.11. Version Support: Version Support: The Service will utilise the latest Version of the Web Service Interface. GBG will maintain and support all Versions of the Web Service Interface for up to four years from the date of first release. GBG will expire all Versions older than four years (from the date of release) and GBG will provide the Client with 3 months’ notice if the Client is affected by this expiry. The Client is expected to update its Web Service Interface with the most up to date Version

3. AUDIT TRAIL

3.1. For each Data Entity checked, the name of the Reference Database, the data subject’s personal data, the match result, the date and time matched, and a unique log number will be recorded by the Service for the purposes of an Audit Trail. Where a profile has been used, then the profile reference will also be stored by the Service.

3.2. GBG will use the Audit Trail to determine the number of Identity Verifications the Client has carried out (or which have been carried out on the Client’s behalf) for charging purposes.

3.3. Information held on the Audit Trail will be accessible online by the Client’s System Administrator.

3.4. GBG will hold the Audit Trail information online for a period of 6 months from the date of the Identity Verification. GBG will retain an offline Audit Trail for the duration of this Agreement.

3.5. When this Agreement ends, GBG will provide the Client with a facility to download the Client’s Audit Trail information for the Client’s retention once all Charges due to GBG under this Agreement have been paid. The facility will be available for 30 days after the Client has been notified of the availability of the download facility after which time the audit trail will be deleted from the service.

3.6. If the Client requires from GBG a copy of the offline Audit Trail during the term of this Agreement, GBG will let the Client know on a case-by-case basis what that charge will be.

3.7. Where the Order Form shows that the Document Image Validation product has been selected, GBG will hold within its Audit Trail the image the client submitted for validation ("Stored Image") online for a maximum period of 6 months from the date of the transaction. For the avoidance of doubt, GBG will not retain any offline storage of Stored Images.

4. PILOT SITE

4.1. Upon request the Pilot Site will be provided for a fixed period of time (“Pilot Access Period”), detailed in the Order Form, which shall not exceed six (6) months.

4.2. Access to the Pilot Site shall be allowed, at the discretion of GBG, without Charge up to an agreed figure (“Monthly Pilot Volume”) provided that:

a. the Service is not being used for any productive or commercial purpose;
b. the Service is only being used for processing the Client’s existing Customer Information;

For the avoidance of doubt any usage in excess of the Monthly Pilot Volume will be charged in accordance with the Charges outlined on the Order Form.

4.3. The Client shall not make available the Pilot Site or any information derived by use of, reference to, or comparison with the Pilot Site to any person, or use of any of the same other than solely for the purpose of trialling the Service; nor shall the Client use the Pilot Site in the provision of any services to any other individual or organisation for gain or otherwise unless such use is specifically authorised in writing by Us.

4.4. The technical specification and operation of the Pilot Site and the service levels, response times, support or maintenance provided in relation to the Pilot Site shall be at GBG’s discretion.

Web Services Agreement

SCHEDULE 2 - PROFESSIONAL SERVICES

This section only applies if the Order Form shows that Professional Services have been selected. If so, this Schedule 2 will apply in addition to the General Terms and any applicable Additional Terms. Any definition not provided in this Schedule shall have the same meaning as set out elsewhere in the Agreement.

1. DEFINITIONS

1.1. The following definitions apply to this Schedule 2.

“Example Code” means sample code provided by the Client to GBG to use as a template in integrating the Service into the Client’s systems

“Service Materials” means any and all works of authorship and materials developed, written or prepared by GBG, in relation to the Professional Services (whether individually, collectively or jointly with the Client and on whatever media) which it is required to deliver to the Client pursuant to the Professional Services, including, without limitation, any and all reports, studies, data, diagrams, charts, specifications and all drafts thereof and working papers relating thereto, but excluding ordinary correspondence passing between the Parties.

2. PROFESSIONAL SERVICES

2.1. GBG hereby agrees to provide the Professional Services to the Client in consideration of the Charges set out in the Order Form and upon these terms and conditions.

2.2. Nothing in this Agreement shall operate to prevent GBG from engaging in other professional, consultancy or project management activities.

2.3. The Client hereby authorises GBG and GBG’s sub-contractors to have such access to the Client’s premises, computers and IT systems and other facilities as is necessary in order to perform the Professional Services.

2.4. GBG may provide to the Client directly or give the Client access to Example Code. The Example Code is provided as an example to show how the service integration works. Should the Client use the Example Code directly into the Client’s systems, the Client does so at its own risk. The Example Code is provided "as is", without warranty of any kind, express or implied and in no event shall GBG be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the Example Code.

2.5. GBG shall at the Client’s request, in the provision of the Professional Services, provide support in the creation and amendment of the User Profile. The Client’s request to create or amend the User Profile shall be deemed as the Client’s agreement to such creation or amendment.

3. GBG’S RESPONSIBILITIES

3.1. GBG warrants to the Client that the Professional Services:

a. will be provided in a timely and professional manner and that it shall use reasonable endeavours to provide the same in accordance with any Timetable (as defined in 6.1 below);
b. will conform to the standards generally observed in the industry for similar services and will be provided with reasonable skill and care.

3.2. GBG shall be fully entitled to use any skills, techniques, concepts or know-how acquired, developed or used in the course of performing the Professional Services in any way it deems fit and any improvements to GBG’s existing products and/or service made or developed during the course of the Professional Services, subject to the obligations of confidentiality detailed in the Agreement.

4. CLIENT’S OBLIGATIONS

4.1. The Client shall:

a. make available to GBG such office and support services as may be necessary for GBG’s work under this Agreement;
b. ensure that its employees co-operate with GBG’s reasonable requests in relation to the provision of the Professional Services; and
c. promptly furnish GBG with such information and documents as GBG may reasonably request for the proper performance of the Professional Services.

5. EXPENSES

5.1. The Charges for the Professional Services are exclusive of the travel, accommodation and subsistence expenses incurred by GBG and GBG’s sub-contractors in attending the Client’s premises to perform Professional Services and such expenses shall be invoiced separately by GBG and shall be paid by the Client within 30 days of receipt of an invoice. Where the Client cancels or rearranges a scheduled meeting GBG reserves the right to charge the Client for all accommodation and travel expenses that have been incurred by GBG.

6. TIMETABLE AND DELAYS

6.1. Time of performance of the Professional Services is not of the essence. Where a timetable is agreed and appended to this Agreement (the “Timetable”), GBG undertakes to use reasonable endeavours to complete each element of the Professional Services by the date specified in the Timetable.

6.2. If GBG is prevented or delayed from performing any of the Professional Services for any reason which is not directly attributable to GBG’s acts or omissions then, notwithstanding anything else contained in this Agreement:

a.If as a result any element of the Service Materials or any other deliverable is not completed by the date specified in the Timetable (where one is agreed) (or by any extended date agreed between the Parties) then any part payment of the Charges for the Professional Services due to be paid on the completion of that element (if any) shall be paid on the scheduled date for such completion (taking into account any extension of time agreed between the Parties) as distinct from the actual date of completion;
b.(b) The Client shall pay to GBG a reasonable sum in respect of any additional time spent and materials and computer time incurred as a result of any such prevention or delay; and
c.(c) The Client shall pay to GBG all other reasonable costs, charges, expenses and losses sustained or incurred by GBG as a result of such prevention or delay.

6.3. The Client shall pay to GBG a reasonable sum in respect of any additional time spent and materials and computer time incurred in connection with the provision to GBG of any inaccurate, incorrect or inadequate information or data by the Client or on the Client’s behalf.

6.4. GBG shall notify the Client in writing without undue delay of any claim which GBG may have under paragraph 6.2 or 6.3 giving such particulars thereof as GBG is then able to provide.

7. ALTERATIONS

7.1. If at any time the Client requires GBG to alter all or any part of the Service Materials, the Professional Services and/or any other deliverable under the Professional Services then the Client shall provide GBG with full written particulars of such alterations and with such further information as GBG may reasonably require. GBG may suggest alterations to the Client at any time which the Client may then use as the basis for a request under this provision.

7.2. GBG shall then submit to the Client as soon as reasonably practicable a written estimate for such alterations specifying what changes (if any) will be required to the Charges hereunder and the Timetable (if applicable) and what adjustments will be required to the Service Materials (if applicable).

7.3. Upon receipt of such estimate the Client may elect either:

a. to accept such estimate in which case this Agreement shall be amended in accordance therewith;
b.(to withdraw the proposed alterations in which case the Professional Services shall continue in force unchanged.

7.4. GBG shall be entitled to charge a reasonable fee to the Client for considering such alterations and preparing the said estimate and if the Client’s request for such alterations is subsequently withdrawn but results in a delay in the performance of any of the Services then GBG shall not be liable for such delay and shall be entitled to an extension of time for performing its obligations equal to the period of the delay.

7.5. GBG shall not be obliged to make any alterations to the Service Materials save in accordance with the aforesaid procedure.