Data Services Agreement GENERAL TERMS AND CONDITIONS  

These General Terms shall apply to all use of the Service.  Additional Terms may also apply depending on the specific Services purchased from GBG.  These Additional Terms shall form part of the Agreement where the relevant Services and/or Datasets are selected on the Order Form. 

 The ID3global Electronic Identity Verification Service ("GBG|ID3global Service") that Creditsafe ("We/Us/Our") use to provide You with the identification and anti-money laundering service is supplied by GB Group plc ("GBG"). GBG has authorised Us to act as its authorised intermediary in relation to the GBG|ID3global Service which GBG provide to You. We are obliged under the terms of Our agreement with GBG to ensure that You agree to and comply with the provisions as laid out in the End User Terms and Conditions a copy of which is set out below. Accordingly, You acknowledge and agree to (i) a legal and binding agreement between You and GBG for the GBG|ID3global Service incorporating the terms of the End User Terms and Conditions and (ii) comply with its terms. Notwithstanding the terms of the End User Terms and Conditions, the parties agree that:  

 References to the Order Form in the End User Terms and Conditions shall mean the order confirmation issued to you by Us which sets out details of the Services being provided to You and the associated Charges. Contract Start Date and Initial Period be the date of Your Contract with Us and term of Your contract with Us respectively.  

- You will pay Charges owed for Your use of the GBG|ID3global Service to Us in accordance with the payment terms specified by Us.  

- Any Standard Support Service or Professional Services shall be provided directly by Us and in accordance with the terms of Our agreement with You and not by GBG. Consequently, GBG shall have no liability to provide You with any Standard Support Service or Professional Services unless otherwise agreed in writing by GBG.  

- You will receive the GBG|ID3global Service as part of the wider service offered by Us. In the event that Our agreement with GBG terminates during the term of Your agreement with Us, We shall notify You promptly. In such circumstances Your agreement with GBG shall automatically terminate on expiry of such notice period and GBG shall have no further liability to You.  

1 DEFINITIONS AND INTERPRETATION

1.1 In these General Terms the following definitions shall apply: “Additional Terms” means the special terms and conditions relating to particular Datasets and/or aspects of the Service as updated from time to time which are available at https://www.gbgplc.com/uk/additionalterms . These Additional Terms will apply if the Client has selected the relevant Dataset or particular aspect of the Service on the Order Form. “Authorised Signatory” means an individual duly authorised to sign documentation on behalf of a Party.  “Agreement” means the Additional Terms, these General Terms, any Schedules and the relevant Order Form, which in the case of conflict rank in the order of precedence set out above unless expressly stated. “Batch Service” means the processing and enhancement of Input Materials by GBG and the delivery of Output Materials to the Client. “Business Day” means Monday to Friday (excluding public and bank holidays in England). 

“Charges” means the charges set out in the Order Form during the Initial Period and thereafter shall mean Our standard pricing. “Client” means the organisation, firm, company or public authority named on the Order Form that receives the Service provided by GBG. 

“Client Data” any data provided to GBG by the Client for processing in accordance with the terms of the Agreement including where relevant any Personal Data.

“Client Information” means Client Data and any other materials provided or otherwise made available to GBG by or on behalf of the Client (including the Input Materials). 

“Confidential Information” means any information relating to the business of the disclosing Party which is not publicly available including, but not limited to, (i) Client Information, information regarding the business, affairs, customers, clients, suppliers, operations, processes, product information, know-how, technical information, designs, trade secrets or software of the disclosing Party; (ii) any information, findings, data or analysis derived from Confidential Information including the Output Material; (iii) the existence and terms of this Agreement; and (iv) any other information which should otherwise be reasonably regarded as possessing a quality of confidence or as having commercial value in relation to the business of the disclosing Party.

“Contract Start Date” means the date specified as the contract start date on the Order Form.

“Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data where the purposes and means of processing are determined by EU or Member State laws, the Controller (or the criteria for nominating the controller) may be designated by those laws or the equivalent or corresponding definition under any applicable Privacy and Data Protection Requirements.

“Datasets” means the different data files provided to GBG and/or the Client by the Data Supplier or used within GBG’s products and services in accordance with the terms of the Agreement as more particularly described as an item check, dataset or ID Number on the Order Form and in the Additional Terms. 

“Data Subject” means an identifiable natural person about whom a Controller holds Personal Data. For the purposes of this Agreement, this may include an individual whose details are provided to GBG by the Client as part of the Client Data or whose details are contained within the Supplier Data. 

“Data Supplier” means GBG’s third party data suppliers that provide Supplier Data for use in GBG’s products and services. 

“EEA” has the meaning given to it in clause 9.7(a).

“Event of Force Majeure” means any one or more acts, events, omissions or accidents beyond the reasonable control of a Party, including but not limited to: strikes, lock-outs or other industrial disputes (other than a Party’s own); failure of a utility service, or transport network or information technology or telecommunications service; act of God (including without limitation fire, flood, earthquake, storm or other natural disaster); war, threat of war, riot, civil commotion or terrorist attack; malicious damage (including without limitation the acts of hackers that could not have been prevented by a Party acting reasonably); epidemic; compliance with any change of law or governmental order, rule, regulation or direction; and/or default, caused by an event of force majeure or the insolvency of such suppliers or sub-contractors.

“Facilitation of Tax Evasion” means (a) being knowingly concerned in, or taking steps with a view to, Tax Evasion by another person (b) aiding, abetting, counselling or procuring Tax Evasion by another person (c) any other actions which would be regarded as facilitation of tax evasion under Part 3 of the Criminal Finances Act 2017 or the equivalent or corresponding legislation which applies to the Client. 

“GBG” means GB Group plc of The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB registered in England No 2415211 or its Group Companies as indicated on the Order Form.

“GDPR” means General Data Protection Regulation (EU) 2016/679 as in force from time to time as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing GDPR.

“Group Company” means in relation to a Party, that Party, or another company if that other company: (a) holds a majority of the voting rights in it, or (b) is a member of it and has the right to appoint or remove a majority of its board of directors, or (c) is a member of it and controls alone, pursuant to an agreement with other members, a majority of the voting rights in it,  or if it is a subsidiary of a company that is itself a subsidiary of that other company. 

“Helpdesk” means the helpdesk facility provided by GBG to handle enquiries and administration for the Service.

“Input Materials” means the data, which is provided by the Client that GBG will process and enhance in accordance with the relevant terms of this Agreement. 

“Initial Period” means the period specified on the Order Form starting on the Contract Start Date. 

“Intellectual Property Rights” means (i) patents, rights to inventions, rights in designs, trademarks and trade names, copyright and related rights, rights in goodwill, database rights and know-how, whether registered or not; (ii) all other intellectual property rights or forms of protection and similar or equivalent rights anywhere in the world (whether registered or not) which currently exist or are recognised in the future; and (iii) all applications, extensions and renewals to any such rights.

“LED” means the Law Enforcement Directive (Directive (EU) 2016/680) (as transposed into domestic legislation of each Member State) as may be applicable with regard to the processing of Personal Data by a competent authority (as defined in the LED) for the purposes of prevention, investigation, detection or prosecution of criminal offences or execution of criminal penalties. 

“Licence Package” means the scope of the Licence granted to the Client for the use of the Service specified in the Order Form, including the applicable number of Permitted Users and Transactions.

“Order Form” means the order form annexed to or relating to this Agreement as accepted by the Parties.

“Output Material” means all information and or Supplier Data provided to a Client by GBG including the results of any enquiry or search, reports, certificates or management information relating to the Client’s use of the Service.

“Party” means a party to this Agreement and “Parties” shall be construed accordingly.

“Permitted User” means anyone who has been given access to the Service by the Client in accordance with the terms of this Agreement, subject to any restrictions on the number of Permitted Users set out in the Order Form.

“Personal Data” means any information relating to a Data Subject; who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or the equivalent or corresponding definition under any applicable Privacy and Data Protection Requirements. 

“Persons Associated” means any employee or agent of the relevant Party or other third party who supplies services to, or on behalf of, the relevant Party.

“Prepayments” means the prepayments of the Charges to be made by the Client as indicated on the Order Form.

“Privacy and Data Protection Requirements” means all applicable laws and regulations relating to the processing of personal data and privacy in any relevant jurisdiction, including, if relevant, the GDPR, the Data Protection Act 2018, the LED the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI  2000/2699) and the Privacy and Electronic Communication Regulations 2003, any amendment, consolidation or re-enactment thereof, any legislation of equivalent purpose or effect enacted in the United Kingdom, and any orders, guidelines and instructions issued under any of the above by relevant national authorities, a judicial authority in England and Wales or a European Union judicial authority. 

"Processor" means a natural or legal person, public authority, agency or any other body which processes Personal Data on behalf of the Controller or the equivalent or corresponding definition under any applicable Privacy and Data Protection Requirements. 

“Professional Services” means the professional services as indicated on the Order Form and provided in accordance with the terms of Schedule 2.

“Service” means the GBG|ID3global service provided to the Client as a Web Service or Batch Service, as detailed in the Order Form together with the Standard Support Services and Professional Services where relevant and any other ancillary services provided by GBG to the Client pursuant to this Agreement. 

“Standard Support Services” means the standard support services as indicated on the Order Form and provided in accordance with the terms of Schedule 1.

"Sub-processor" means a natural or legal person, public authority, agency or any other body contracted by the Processor to process Personal Data for the purpose of carrying out a specific processing activity on behalf of the Controller. 

“Supervisory Authority” means, where relevant, an independent public authority which is established by a Member State pursuant to Article 51 of GDPR. 

“Supplier Data” means any data provided to GBG and/or the Client by the Data Supplier or used within GBG’s products and services in accordance with the terms of the Agreement including, where relevant, any Personal Data. 

“System Administrator” means the individual(s) named as such on the Order Form or their replacement(s) as notified to GBG by the Client who will be familiar with the use of the Service and be the first point of contact for all Permitted Users of the Service.

“Tax Evasion” means any fraudulent activity intended to divert funds from the public revenue of any government as well as any statutory tax evasion offence of any territory, where tax includes all taxes, levies and contributions imposed by governments in any territory.

“Transaction” means a single search, click, check or any other means of obtaining Output Material, as outlined within the Order Form.

“User Profile” means, where relevant to the delivery of the Service, the specific configuration of the Service and Datasets created for the Client as detailed on the Order Form.

“Value Added Tax” means value added tax or any equivalent tax chargeable in the UK or elsewhere. 

“Web Service” means Services hosted by GBG and provided to the Client via an API integration or web portal. 

1.2 The headings in this Agreement do not affect its interpretation.

1.3 References to clauses, sections and Schedules are to clauses, sections and Schedules of this Agreement.

1.4 Words in the singular include the plural and vice versa.

1.5 A reference to “writing” or “written” does not include electronic mail or facsimiles  

2 TERM OF THE AGREEMENT

2.1 Where the Client has purchased Batch Services, then this Agreement will start on the Contract Start Date and will continue for the Initial Period or until the Services specified in the Order Form have been delivered unless terminated in accordance with clause 7.3(c) or clause 11 of these General Terms.

2.2 Where the Client has purchased Web Services then this Agreement will start on the Contract Start Date and will continue for the Initial Period and thereafter until terminated in accordance with clause 7.3(c) and clause 11  of these General Terms.   

3 PROVISION OF THE SERVICE

3.1 GBG will provide the Client with the Service detailed in the Order Form and in accordance with the terms set out in this Agreement.

3.2 GBG will use reasonable endeavours to provide the Service in accordance with any timetable agreed with the Client. However, the Client acknowledges and accepts that any dates given by GBG are estimates only and that delivery of the Service will be dependent upon the Client’s timely cooperation with GBG as well as other factors outside of GBG’s reasonable control. 

3.3 Where relevant to the Service being provided, the Client acknowledges and accepts that occasionally GBG, in providing the Service, may be required to: (a) change the technical specification of the Service for operational reasons, however, GBG will ensure that any change to the technical specification does not materially reduce or detrimentally impact the performance of the Service; (b) give the Client instructions which it reasonably believes are necessary to enhance or maintain the quality of any Service provided by GBG and GBG shall not be responsible for any errors in the Service resulting from the Client’s non-compliance with such instructions; and (c) suspend the Service for operational reasons such as repair, maintenance or improvement or because of an emergency, in which case GBG will give the Client as much on-line, written or oral notice as possible and shall ensure that the Service is restored as soon as possible following suspension.

3.4 The Client shall be responsible for: (a) ensuring that it has a minimum of one System Administrator; (b) informing GBG of any changes to the System Administrator’s contact details without undue delay; (c) providing the telecommunications and network services and correctly configured hardware and other equipment needed to connect to the Service; and (d) the configuration and management of access to the Service including configuration of the Client’s network, firewall, DNS, routers, personal computers and User Profile.

3.5 Where the Client has purchased Batch Services the following shall apply:  (a) the Client shall be responsible for delivering all necessary Input Materials to GBG at the specified location in a readable condition within the delivery timescales agreed and in the manner, quantity and form agreed in the Order Form;  (b) if any of the Input Materials are supplied on a magnetic medium, such medium must be undamaged and to the specification agreed between the Parties or as set out in the Order Form; (c) Input Materials may be scanned for viruses and malware.  Any Input Materials that are found to contain such items will not be processed and the Client will be notified; (d) Reprocessing of any data required due to any fault on the part of GBG or its employees to exercise reasonable skill and care shall be made at GBG’s expense, subject to the Client making available any information or Input Materials necessary for such reprocessing;   (e) Reprocessing of any data required as a result of a failure by the Client to fulfil any of its delivery obligations set out in clause 3.2 shall be carried out at the Client’s expense; and (f) GBG shall not be liable for deletion or destruction of or for damage to the Input Materials and the Client should retain duplicates of all data and Input Materials supplied.

3.6 The Client must inform GBG, without undue delay, of any changes to the information which the Client supplied within the Order Form.  

4 USE OF THE SERVICE

4.1 The Client shall comply with these General Terms, the Schedules and all relevant Additional Terms to this Agreement.

4.2 The Client must retain back-up copies of all Client Information provided to GBG. 

4.3 Where relevant, the  Client must ensure that any software, equipment and materials which are used with the Service: (a) are connected and used in accordance with any instructions and security procedures specified by GBG or other relevant third party licensor; and (b) are technically compatible with the Service and meet the minimum technical specifications detailed on the Order Form.

4.4 Use of the Service is subject to the limitations of the Licence Package as set out in the Order Form. Should the Client exceed, or consider that it is likely to exceed, the limitations in the Licence Package, then the Client shall immediately inform GBG and will be liable for the overuse in line with the Charges indicated on the Order Form.

4.5 GBG reserves the right to audit the Client’s use of the Service to check compliance with the terms of the Licence Package in accordance with clause 12 of the General Terms. In the event that such audit reveals that the Client has exceeded the scope of the Licence Package, GBG shall be entitled to recover the fully cost of the audit and to seek compensation from the Client for under licencing in accordance with clause 4.7.

4.6 If as a result of compliance with clauses 4.5 the Parties discover that the Client has exceeded the scope of the Licence Package, the Parties agree that GBG shall be entitled to invoice the Client for such over usage in accordance with the original Charges set out in the Order Form. GBG shall be entitled backdate payments to the point at which the over usage occurred. The Client shall pay GBG’s invoice for the over usage within 28 days of the date of the invoice in accordance with the payment terms at clause 6.

4.7 The Client shall only access the Service as permitted by GBG and shall not attempt at any time to circumvent system security or access the source software or compiled code.   

4.8 The Service is provided solely for the Client’s own internal use. The Client must not resell or attempt to resell the Service (or any part or facility of it, including the Output Material) to any third party without first entering into an appropriate agreement signed by an Authorised Signatory of GBG.

4.9 The Service is protected by Intellectual Property Rights.  The Client must not copy, store, adapt, modify, transmit or distribute the Service except to Permitted Users or permit anyone else to do the same.

4.10 The Client shall be responsible for the creation, maintenance, accuracy and completeness of all Client Information provided to GBG as part of its use of the Service.

4.11 The Client warrants that it shall comply with all applicable legislation, instructions and guidelines issued by regulatory authorities, relevant licences and any other codes of practice which apply to the Client and its use of the Service including those which relate to the provision of Client Information.

4.12 The Client is responsible for the acts and omissions of all Permitted Users of the Service and is liable for any failure by a Permitted User to perform or observe the terms and conditions of this Agreement including without limitation to the provisions set out in the Additional Terms and any instructions issued under clauses 3.3(b) and 4.3.

4.13 If the Client uses the Service in contravention of clauses 4.4, 4.7, 4.8, 4.9, 4.11 or 4.12  then GBG shall be entitled to treat the contravention as a material breach of this Agreement, which cannot be remedied for the purposes of clause 11.3 b) of the General Terms.

4.14 Where relevant, GBG may, in its sole discretion, withhold Output Materials or refuse to carry out or complete any Services set out in the Order Form if in the reasonable opinion of GBG undertaking such would involve a breach by GBG of Privacy and Data Protection Requirements. If GBG refuses to carry out or complete any Services on the above grounds, the Client shall reimburse GBG for any costs or expenses incurred by GBG up to the date of such refusal.  

5 SECURITY

5.1 The Client is responsible for the security and proper use of all user identities (“User IDs”) and passwords used in connection with the Service (including maintaining and enforcing a robust password policy). 

5.2 The Client shall take all necessary steps to ensure that User IDs are kept confidential, secure, are used properly and are not disclosed to any unauthorised parties. For the avoidance of doubt, the Client will be responsible for all Charges for the Service where its User ID has been used to access the Service.

5.3 The Client must immediately inform GBG if there is any reason to believe that a User ID or password has or is likely to become known to someone not authorised to use it or is being or is likely to be used in an unauthorised way.

5.4 GBG reserves the right to suspend User ID and password access to the Service if at any time GBG reasonably considers that there is or is likely to be a breach of security or misuse of the Service and/or to require the Client to change any or all of the passwords used by the Client in connection with the Service.  

6 NOT USED  

7 INTELLECTUAL PROPERTY RIGHTS

7.1 The Client acknowledges that all Intellectual Property Rights in the Service and the Output Materials belong and shall continue to belong to GBG and/or GBG’s third party suppliers. GBG grants a nonexclusive, non-transferable licence to the Client to use the Service and Output Material in accordance with the terms of this Agreement. 

7.2 GBG acknowledges all Intellectual Property Rights in the Client Information belong and shall continue to belong to the Client. The Client grants to GBG a non-transferable, non-exclusive, royalty free licence to use, disclose and copy the Client Information to enable GBG GBG to provide the Service and carry out its obligations under this Agreement.

7.3 If any third party makes or threatens to make a claim against GBG, the Client or one of GBG’s third party suppliers that the use of the Service and/or Output Material or part thereof infringes any third party’s Intellectual Property Rights, GBG shall be entitled to do one or more of the following:- (a) suspend any part of the Service that is subject to the infringement claim made by the third party; (b) modify the Service, or item provided as part of the Service, so as to avoid any alleged infringement, provided that the modification does not materially affect the performance of the Service; (c) terminate the Agreement upon written notice to the Client and provide a refund to the Client of any Prepayment made by the Client which at the date of termination has not been and will not be credited against Charges due to GBG.

7.4 GBG will indemnify the Client against all liabilities, costs, expenses, damages and losses incurred by the Client as a direct result of any third party making or threatening to make a claim against the Client that the Client’s use of the Service and/or Output Material in accordance with the terms of this Agreement infringes that third party's Intellectual Property Rights (a “Claim”), provided that the Client: (a) notifies GBG promptly and in any event within 5 Business Days in writing of any Claim;  (b) makes no admission or compromise relating to the Claim or otherwise prejudice GBG’s defence of such Claim;  (c) allows GBG to conduct all negotiations and proceedings in relation to the Claim; and (d) gives GBG all reasonable assistance in doing so (GBG will pay the Client’s reasonable expenses for such assistance).

7.5 The indemnity in clause 7.4 does not apply to any Claim arising as a result of the use of the Service in breach of the Client warranty within 7.6 (c) or to Claims caused by designs or specifications made by the Client, or on the Client’s behalf.

7.6 The Client warrants that: (a) it will not use or exploit the Intellectual Property Rights in the Service or Output Material or permit others to use or exploit the Intellectual Property Rights in the Service or Output Material outside of the terms of the licence granted to the Client in clause 7.1 of this Agreement; (b) all computers and/or IT systems which GBG are required to use, access or modify as part of the Professional Services are legally licensed to the Client or are the Client’s property and that such activities by GBG will not infringe the rights of any third party; (c)  its use of the Service through any software, equipment, materials or services not provided by GBG will not infringe the rights of any third party;  (d) GBG’s compliance with any designs or specifications provided by the Client, or on the Client’s behalf will not infringe the rights of any third party; and (e) the use by GBG of the Client Information through the provision of the Service in accordance with the Client’s instructions and in accordance with the terms of this Agreement, will not infringe any third party's Intellectual Property Rights.   

8 CONFIDENTIALITY AND PUBLICITY

8.1 Each Party undertakes that it shall not at any time disclose the other Party’s Confidential Information to any third party except as permitted by clauses 8.3, 8.4 and 8.5 or to the extent necessary for the proper performance of this Agreement. 

8.2 Each Party warrants to the other that it shall apply the same security measures and degree of care to Confidential Information disclosed to it as it takes in protecting its own Confidential Information and in any event no less than that which a reasonable person or business would take in protecting its own Confidential Information.

8.3 Neither Party shall use the other Party's Confidential Information for any purpose other than to perform its obligations under this Agreement.

8.4 Each Party may disclose the other Party's Confidential Information: (a) to its or its Group Companies' employees, officers, representatives, advisers and third party suppliers who need to know such information to perform its obligations under this Agreement. Each Party shall ensure that its and its Group Companies' employees, officers, representatives, advisers and third party suppliers to whom it discloses the other Party's confidential information comply with this clause 8; and (b) as may be required by law, court order or any governmental or regulatory authority.

8.5 For the purposes of this clause 8, Confidential Information shall not include information which: (a) is or becomes generally available to the public (other than through a breach of this Agreement); (b) is lawfully in the possession of the other Party before the disclosure under this Agreement took place; (c) is obtained from a third party who is free to disclose it; or (d) the Parties agree in writing is not confidential or may be disclosed.

8.6 Notwithstanding the terms of this clause 8, once the Order Form has been signed by both Parties, GBG may, with the Client’s prior written consent, issue a press release (or if GBG wishes, another form of public communication) relating to the Parties’ entry into this Agreement.  
 

9 DATA PROTECTION

9.1 Both Parties warrant that they will comply with their respective obligations under the Privacy and Data Protection Requirements and the terms of this Agreement. 

9.2 For the purposes of this Agreement the Client is the Controller and GBG is the Processor. Where specified in the Additional Terms, GBG’s Data Suppliers may also act as Sub-processor.

9.3 The Client warrants and represents that all instructions provided to GBG in relation to the processing of Personal Data contained within the Client Data are lawful and shall as a minimum include: (a) the nature and purpose of the processing of the Client Data; (b) the types of Personal Data to be processed; and  (c) the categories of Data Subjects to whom the Personal Data relates. 

9.4 The Client shall only provide instructions to GBG that are in accordance with the terms of this Agreement and are relevant for the provision of the Services. 

9.5 The Client acknowledges that as Controller it is solely responsible for determining the lawful processing condition upon which it shall rely in providing instructions to GBG to process Personal Data for the purposes of carrying out the Services. 

9.6 The Parties acknowledge and accept that processing of Personal Data belonging to an EEA Data Subject and/or the processing of Personal Data in the context of the activities of an establishment  of a Controller or Processor within the EEA shall be lawful only if and to the extent that either an exemption, Article 2 GDPR or at least one of the following conditions (as specified in the Order Form as may be applicable) applies: (a) the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract; (c) processing is necessary for compliance with a legal obligation to which the Controller is subject; (d) processing is necessary in order to protect the vital interests of the Data Subject or of another natural person; (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; or (f) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child. 

9.7 To the extent that the performance of GBG’s obligations, and any supporting and/or ancillary activities, involves processing Client Data, GBG acting as Processor shall: (a) only carry out processing of Client Data in accordance with the Client’s documented instructions , including where relevant  for transfers of  Client Data outside the European Economic Area (“EEA”) or to an international organisation (unless GBG is otherwise required to process Client Data by European Union, Member State and/or UK law to which GBG is subject, in which case GBG shall inform the Client of that legal requirement before processing unless prohibited by that law on important grounds of public interest), and shall immediately inform the Client if, in GBG’s opinion, any instruction given by the Client to GBG infringes Privacy and Data Protection Requirements;  (b) notify the Client without undue delay of any requests received from a Data Subject exercising their rights under Privacy and Data Protection Requirements and, taking into account the nature of the processing, assist the Client by taking appropriate technical and organisational measures, insofar as this is possible, with fulfilling its obligations in respect of Data Subject rights under Privacy and Data Protection Requirements, including assisting the Client in responding to any subject access requests or requests from Data Subjects for access to, rectification, erasure or portability of Personal Data, or for restriction of processing or objections to processing of Personal Data; (c) take all security  measures required in accordance with Privacy and Data Protection Requirements (including Article 32 GDPR),  and at the request of the Client provide a written description of, and rationale for, the technical and organisational measures implemented, or to be implemented, to protect the Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted stored or otherwise processed; and detect and report Personal Data breaches without undue delay;  (d) taking into account the nature of the processing and the information available to GBG, use all measures to assist the Client in ensuring compliance with the Client’s obligations to;  i. keep Personal Data secure (Article 32 GDPR); ii. notify Personal Data breaches to the Supervisory Authority (Article 33 GDPR); iii. advise Data Subjects when there has been a Personal Data breach (Article 34 GDPR); iv. carry out data protection impact assessments (Article 35 GDPR); and  v. consult with the Supervisory Authority where a data protection impact assessment indicates that there is an unmitigated high risk to the processing (Article 36 GDPR).  (e) without undue delay, inform the Client of becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Client Data transmitted, stored or otherwise processed. GBG accepts and acknowledges that the Client shall direct in its sole discretion, any and all steps and measures taken to remedy a breach by GBG under Privacy and Data Protection Requirements, including but not limited to any communications with a Supervisory Authority. GBG agrees not to act in any way upon such disclosure without the prior written consent of the Client;  (f) make available to the Client all information necessary to demonstrate compliance with the obligations laid down in this clause 9 and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client as set out in clause 12; and (g) in addition to the confidentiality obligations contained in clause 8, ensure that persons authorised to process the Client Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

9.8 Where the Client uses or receives Supplier Data as part of the Services, the Client acknowledges that: (a) the Supplier Data may be subject to Additional Terms;  (b) where relevant for the provision of Services under the Agreement, the Client shall comply with the Additional Terms; and  (c) where the Additional Terms specify that Personal Data belonging to EEA Data Subjects cannot be processed by a particular Data Supplier, the Client warrants that it will not use that element of the Service for the processing of Personal Data belonging to an EEA Data Subject. 

9.9 GBG shall promptly notify the Client in the event of a change to the Additional Terms. 

9.10 The Client provides their consent for GBG to use Sub-processors in the delivery of the Service. Where GBG uses Data Suppliers or any other third party and where they are acting as a Sub-processor in relation to the Client Data, GBG shall: (a) enter into a legally binding written agreement that places the equivalent data protection obligations as those set out in this Agreement to the extent applicable to the nature of the services provided by such Sub-processor, in particular, unless otherwise stated in the Additional Terms in accordance with clause 9.8(c), providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR;  (b) shall remain liable for any act or omission of a Sub-processor that does not comply with the data protection obligations as set out in this clause 9; and (c) inform the Client of any intended changes concerning the addition or replacement of a Sub-processor with access to Client Data and give the Client the opportunity to object to such changes. 

9.11 Transfers of personal data to third countries or international organisations: GBG shall not cause or permit any Client Data to be transferred outside of the EEA unless such transfer is necessary for the purposes of GBG carrying out its obligations under the Agreement in which case, the provisions of clauses 9.12 to 9.15 shall apply. 

9.12 Transfer subject to adequate safeguards: Subject to clauses 9.13 and 9.14,  if Personal Data is to be processed outside of the EEA, GBG agrees  to provide and maintain appropriate safeguards as set out in Article 46 GDPR or where applicable, LED Article 37 to lawfully transfer the Personal Data to a third country. 

9.13 Transfers based on adequacy decisions: Clause 9.12 shall not apply if the processing of the Personal Data is carried out in a country that the European Commission has considered as offering an adequate level of protection.

9.14 Derogations for specific situations: The Client has consented to such transfer and acknowledges and accepts that certain Data Suppliers engaged by GBG in the provision of the products and services are located in a country that the European Commission has not formally declared to have an adequate level of protection (Clause 9.13/ Article 45(3) GDPR) and are not able to demonstrate appropriate safeguards (Clause 9.12/ Article 46 GDPR). In such circumstances this will be stated in the Additional Terms and where GDPR applies to the Client by virtue of Article 3 GDPR, the Client as Controller acknowledges that prior to submitting Client Data to GBG for processing it shall determine, and is solely liable for ensuring, that one of following exceptions set out in Article 49 GDPR applies: (a) the Data Subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the Data Subject due to the absence of an adequacy decision and appropriate safeguards; (b) the transfer is necessary for the performance of a contract between the Data Subject and the Client or the implementation of pre-contractual measures taken at the Data Subject's request;  (c) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Client and another natural or legal person;  (d) the transfer is necessary for important reasons of public interest; (e) the transfer is necessary for the establishment, exercise or defence of legal claims; (f) the transfer is necessary in order to protect the vital interests of the Data Subject or of other persons, where the Data Subject is physically or legally incapable of giving consent; or (g) the transfer is made from a register which according to European Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or Member State law for consultation are fulfilled in the particular case. The terms of this clause 9.14 shall not apply where the Client is subject to LED. In such circumstance clause 9.15 shall apply. 

9.15 Derogations for specific situations where the LED is applicable to the Client: The Client has consented to such transfer and acknowledges and accepts that certain Data Suppliers engaged by GBG in the provision and services are located in a country that the European Commission has not formally declared to have an adequate level of protection (Clause 9.13/ Article 36 LED) and are not able to demonstrate appropriate safeguards (Clause 9.12/Article 37 LED).  In such circumstances this will be stated in the Additional Terms and the Client as Controller acknowledges that prior to submitting Client Data to GBG for processing it shall determine, and is solely liable for ensuring that, one of the following exceptions set out in Article 38 LED applies: (a) the transfer is necessary to protect the vital interest of the Data Subject or another person; (b) to safeguard legitimate interest of the Data Subject, where the law of the Member State transferring the Personal Data so provides;  (c) for the prevention of an immediate and serious threat to public security of a Member State or a third country; (d) in individual cases for the purposes set out in Article 1 (1) LED; or (e) in an individual case for the establishment, exercise or defence of legal claims relating to the purposes set out in Article 1(1) LED. 

10 LIABILITY

10.1 Neither Party excludes or limits its liability for death or personal injury resulting from its negligence, fraud or fraudulent misrepresentation or any other type of liability that cannot by law be excluded or limited.

10.2 Neither Party excludes or limits its liability in respect of clauses 4.4 (Overuse), 4.8 (Client’s internal use), 7 (Intellectual Property Rights), 8 (Confidentiality) and 9 (Data Protection) of this Agreement.

10.3 Subject to clauses 10.1 and 10.2, each Party’s aggregate liability to the other Party under or in connection with this Agreement, whether such liability arises in contract, tort (including, without limitation, negligence) misrepresentation or otherwise, shall be limited to either the Charges payable in the 12 month period  preceding the breach, or £5,000 whichever is the greater. 

10.4 Subject to clauses 10.1 and 10.2, neither Party shall be liable for loss of profits, loss of business or anticipated savings, destruction or deletion of data, loss of use of data, loss of or damage to reputation, loss of or damage to goodwill, any special, indirect or consequential loss or damage.

10.5 GBG accepts no liability for any claim by a Data Subject which occurs as a result of the Client electing to use Variable Data Retention, as referred to within clause 4 of Schedule 1 of this Agreement.

10.6 Due to GBG’s reliance on Data Suppliers, and telecommunication services, over which GBG has no direct control, GBG cannot warrant: (a)  the accuracy, suitability for purpose/requirements and/or uninterrupted availability of the Service or Output Materials; and (b) that the use of the Service and/or the Output Materials will meet the Client's business requirements and the Client accepts that the Service was not designed or produced to its individual requirements and that it was responsible for its selection. Consequently, the Client agrees that except as expressly set out in this Agreement, all warranties, conditions and other terms relating to the Service and this Agreement whether express or implied by law, custom or otherwise are, to the fullest extent permitted by law, excluded from this Agreement. GBG shall not be responsible for the decisions that the Client makes as a result of the information, Service or data that GBG provides to the Client under this Agreement.

10.7 The Parties acknowledge that damages alone may not be an adequate remedy for a breach by the other Party of clauses 4 (Use of the Service), 7 (Intellectual Property Rights), 8 (Confidentiality) and 9 (Data Protection) of this Agreement. Accordingly, without prejudice to any other rights and remedies it may have, the injured Party shall be entitled to seek specific performance and/or injunctive or other equitable relief.   

11 SUSPENSION AND TERMINATION

11.1 GBG may suspend all or part of the Service immediately and without notice in the event that the Client breaches or GBG acting reasonably suspects that the Client has committed a material breach of this Agreement.  

11.2 Either Party may terminate this Agreement by giving at least 90 days' prior written notice to the other of such termination to take effect on or after the expiry of the Initial Period.

11.3 Either Party may terminate this Agreement (or, if GBG wish, part of it) on immediate notice in writing to the other if any of the following applies: (a) the other Party commits a material or persistent breach of this Agreement, which is capable of remedy, and it fails to remedy the breach within 10 Business Days of a written notice to do so.  A breach shall be capable of remedy if the Party in breach can comply with the provision in question in all respects other than as to the time of performance;  (b) the other Party commits a material or persistent breach of this Agreement which cannot be remedied;  (c) any meeting of creditors of the other Party is held or any arrangement or composition with or for the benefit of its creditors (including where the directors of a company (other than one which is in administration or being wound up) may make a proposal to the company and to its creditors for a composition in satisfaction of its debts or a scheme of arrangement of its affairs)) is proposed or entered into by or in relation to the other Party (other than for the purpose of a bona fide solvent re-construction, re-organisation or amalgamation); (d) the other Party ceases or threatens to cease carrying on business or is or becomes unable to pay its debts within the meaning of Section 123 of the Insolvency Act 1986 or other applicable legislation; (e) a nominee, supervisor, receiver, administrator, administrative receiver or liquidator is appointed in respect of the other Party or any encumbrancer takes possession of, or any distress, lien, execution or other process is levied or enforced (and is not discharged within seven days) upon, the assets of the other Party; (f) an order is made for the bankruptcy or winding-up of the other Party or a resolution for its winding up is passed; (g) a notice of intention to appoint an administrator is filed with the court or served on any creditor of the other Party; (h) an application for an administration order is issued at court in respect of the other Party; (i) a meeting is convened for the purpose of considering a resolution for the winding up of the other Party or the making of an application for an administration order or the dissolution of the other Party; or (j) any event analogous to any of clauses  11.3(c)to (i) above occurs in any jurisdiction.

11.4 Upon termination of this Agreement: (a) the Client will:

- cease using the Service or in the case where access to a specific part of the Service has been terminated cease to use the specified part of the Service; and

- promptly pay any outstanding and unpaid invoices due for the Service within the time period specified in clause 6.1 whether the invoice was submitted before or after the termination of this Agreement. (b) GBG will cease using Client Data (and any copies of it) and shall arrange for its safe return or destruction as shall be required by the Client (unless European Union, Member States and/or English Law requires storage of any Personal Data contained within the Client Data or an exemption under GDPR applies); and (c) the Parties will return or destroy (at the option and request of the disclosing Party) any Confidential Information belonging to the other Party in its possession or control. 

11.5 The termination of this Agreement does not affect the accrued rights, remedies and obligations or liabilities of the Parties existing at termination. Nor shall it affect the continuation in force of any provision of this Agreement that is expressly or by implication intended to continue in force after termination.

11.6 If GBG terminates this Agreement during the Initial Period following a breach of this Agreement by the Client the Client agrees to pay GBG the Charges due, if any, for the remaining part of the Initial Period in accordance with clause 11.4. 

12 AUDIT RIGHTS

12.1 The Parties acknowledge and accept that, due to the nature of the Services provided, a mutual audit right is required for each Party (the “Auditing Party”) to be able to verify and monitor the other Party’s compliance with its material obligations under this Agreement (the “Audited Party”). The following provisions of this clause 12 are to give effect to that requirement.   

12.2 Upon receipt of the Auditing Party’s reasonable request, the Audited Party shall provide the Auditing Party with any documentation or records which are reasonably required to enable the Auditing Party to verify and monitor the Audited Party’s compliance with its obligations under this Agreement. Such information and records may be redacted to remove confidential commercial information not relevant to the request. 

12.3 All information and records shall be provided without undue delay and where possible within 14 days of receipt of such request. The Audited Party shall also notify the Auditing Party of the name of the person within its organisation who will act as the point of contact for provision of the information required. 

12.4 Subject to clauses 12.5 to 12.7 where, in the reasonable opinion of the Auditing Party, such documentation is not sufficient to demonstrate compliance or to meet the Auditing Party’s obligations to a regulatory body (or in GBG’s case to a Data Supplier), then the Auditing Party will be entitled, upon reasonable prior written notice and upon reasonable grounds, to conduct an on-site audit of the Audited Party’s premises or to appoint a third party auditor to conduct an on-site audit for the purposes of investigating the Audited Party’s compliance with its obligations under this Agreement.

12.5 Audits shall not be carried out on more than one occasion per year of this Agreement unless the Auditing Party reasonably believes that the Audited Party is in material breach of the Agreement or unless the Auditing Party is required to do so by any regulatory body with competent jurisdiction (or in the case of GBG, one of GBG's third party suppliers engaged in connection with the Service).  The Auditing Party or its auditor may be accompanied by representatives of any such regulatory body (or Data Supplier in the case of GBG) in respect of any such audit imposed on the Audited Party. 

12.6 All audits will be conducted in a manner that does not materially disrupt, delay or interfere with the Audited Party's performance of its business and shall be carried out at the expense of the Auditing Party. Should the audit reveal a material breach of the Agreement by the Audited Party, the Audited Party shall reimburse the Auditing Party for the full cost of the audit.

12.7 The Audited Party shall provide the Auditing Party (or any third party auditor as relevant) with reasonable, supervised access to its premises, employees, computers, IT systems and records as required for the purpose of any such audit. 

13 DISPUTE RESOLUTION

13.1 If a dispute arises out of or in connection with this Agreement or the performance, validity or enforceability of it (a “Dispute”) then the Parties shall follow the procedure set out in this clause 13, specifically: (a) either Party shall give to the other written notice of the Dispute, setting out its nature and full particulars (a “Dispute Notice”), together with relevant supporting documents. On service of the Dispute Notice, authorised representatives of GBG and the Client shall attempt in good faith to resolve the Dispute; (b) if the authorised representatives of GBG and the Client are for any reason unable to resolve the Dispute within 10 Business Days of service of the Dispute Notice, the Dispute shall be escalated appropriately in the circumstances within  GBG and the Client in an  attempt in good faith to resolve the matter; and (c) if, following escalation of the Dispute as described in 13.1(b) above,  GBG and the Client are for any reason unable to resolve the Dispute within 30 Business Days of it being escalated, then the Parties will attempt to settle it by way of mediation. Should the Parties fail to reach a settlement within 25 Business Days from the date of engaging in such mediation, the Parties shall be entitled to refer the Dispute to the courts of England and Wales in accordance with clause 20.2 of this Agreement.

13.2 Notwithstanding clause 13.1 above, the Parties shall be entitled to seek injunctive or other equitable relief at any point should that Party deem it necessary to protect the legitimate business interests of that Party.   

14 EVENT OF FORCE MAJEURE 

14.1 Neither Party shall be in breach of this Agreement nor liable for any delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from an Event of Force Majeure. In such circumstances, the affected Party shall be entitled to a reasonable extension of the time for performing such obligations. If the period of delay or non-performance continues for three consecutive months, the Party not affected may terminate this Agreement immediately by giving written notice to the affected Party.

15 NOTICES

15.1 Notices required to be given under this Agreement must be in writing and may be delivered by hand or by courier, or sent by first class post to the following addresses: (a) to GBG at its registered office address and marked for the attention of the Company Secretary,  (b) to the Client at the address to which the Client asks GBG to send invoices or the Client's registered office address (in the case of a corporate body).

15.2 Any notice shall be deemed to have been duly received: (a) if delivered by hand or by courier, when left at the address referred to in this clause 15; or (b) if sent by first class post, two Business Days after the date of posting.

15.3 This clause 15 does not apply to the service of any proceedings or other documents in any legal action.  

16 TAX EVASION AND FACILITATION OF TAX EVASION

16.1 Both GBG and the Client agree not to engage in Tax Evasion of any kind in any territory nor in the Facilitation of Tax Evasion of any kind in any territory.

16.2 Both GBG and the Client shall take such steps as may be required to ensure that they are not liable under Part 3 of the Criminal Finances Act 2017 (Corporate Offence of Failure to Prevent Facilitation of Tax Evasion). Where relevant the Client shall take such steps to comply with any equivalent legislation relating to where the Client is situated. In particular, both Parties shall implement reasonable  prevention procedures to prevent the Facilitation of Tax Evasion by Persons Associated with the relevant Party whilst acting in that capacity. 

16.3 Each Party shall immediately notify the other as soon as it becomes aware of a breach of any of the requirements in this clause.

16.4 Any breach of this clause shall be deemed a material breach of this Agreement that is not remediable. 

17 ANTI-BRIBERY AND CORRUPTION

17.1 Both Parties shall:  (a) comply with all applicable laws, statutes, regulations, relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010 (“Relevant Requirements”);  (b) shall have and shall maintain in place throughout the term of this Agreement its own policies and procedures to ensure compliance with the Relevant Requirements and will enforce them where appropriate; and (c) promptly report to the other Party any request or demand for any undue financial or other advantage of any kind received by that Party in connection with the performance of this Agreement.

17.2 Both Parties shall provide such supporting evidence of compliance, including annual certification (if requested) as the other party may reasonably request.  

18 MODERN SLAVERY

18.1 In performing its obligations under this Agreement, GBG shall ensure that all employees, workers, self-employed contractors or consultants or other representatives who are performing services on behalf of GBG shall, at all relevant times:  (a) comply with all applicable anti-slavery and human trafficking laws, statutes, regulations, codes and guidance from time to time in force including but not limited to those of the Modern Slavery Act 2015;  (b) comply with any GBG policy relating to modern slavery and/or human trafficking as required by GBG; and  (c) take all reasonable steps to ensure that slavery and human trafficking are not taking place in its business. 

19 MISCELLANEOUS 

19.1 Agreed changes to this Agreement will be recorded in writing and will form part of this Agreement when signed by an Authorised Signatory of both Parties.

19.2 Subject to clause 19.4, neither Party may assign or transfer (in whole or in part) any of its rights or obligations under this Agreement, without the other Party’s prior written consent (such consent not to be unreasonably withheld or delayed). 

19.3 GBG will not withhold its consent to a Client assignment provided that, the assignment would not:  (a) put GBG in breach of regulatory requirements; (b) put GBG in breach of its supplier obligations; (c) conflict with the  provisions set out in the Additional Terms, or; (d) be to a competitor of GBG.   

19.4 Notwithstanding 19.2, GBG may assign such rights and obligations to a GBG Group Company without consent. 

19.5 Save where expressly stated in the Additional Terms, a person who is not party to this Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 or otherwise to enforce any term of this Agreement.

19.6 This Agreement constitutes the entire agreement between the Parties and replaces and supersedes all previous written or oral agreements relating to its subject matter.

19.7 The Parties agree that: (a) neither Party has been induced to enter into this Agreement by any representation, warranty or other assurance not expressly incorporated into it; and (b) in connection with this Agreement its only rights and remedies in relation to any representation, warranty or other assurance are for breach of contract and that all other rights and remedies are excluded, except in the case of fraud.

19.8 If any provision of this Agreement (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed not to form part of this Agreement, and the validity and enforceability of the other provisions of this Agreement shall not be affected.

19.9 This Agreement may be executed in any number of counterparts, each of which when executed and delivered shall constitute an original of this Agreement, but all counterparts shall together constitute the same Agreement.  No counterpart shall be effective until each Party has executed at least one counterpart.

19.10 No failure or delay by a Party to exercise any right or remedy under this Agreement or by law shall constitute a waiver of that or any other right or remedy nor shall it preclude or restrict the further exercise of that or any other right or remedy.  No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other remedy.   

19.11 Unless otherwise stated herein, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any other rights or remedies provided by law. 

20 GOVERNING LAW AND JURISDICTION

20.1 By entering into this Agreement, the Parties warrant that they each have the right, authority and capacity to enter into and be bound by the terms and conditions of this Agreement and that they agree to be bound by these.

20.2 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including noncontractual disputes or claims) shall be governed and construed in accordance with the laws of England and subject to clause 13 both Parties submit to the exclusive jurisdiction of the English Courts, save that GBG may elect to bring enforcement proceedings against the Client in the courts of any jurisdiction where the Client or any of the Client's property or assets may be found or located.

Data Services Agreement SCHEDULE 1 - STANDARD SUPPORT SERVICES 

This section only applies if the Order Form shows that Standard Support Services have been selected. If so, this Schedule 1 will apply in addition to the General Terms and any applicable Additional Terms. Any definition not provided in this Schedule shall have the same meaning as set out elsewhere in the Agreement.  

1. DEFINITIONS

1.1. The following definitions apply to this Schedule 1:

“Audit Trail” means an electronic record of the result of the match against the Data Entity received and transmitted across the Web Service Interface for an Identity Verification.

“Business Hours” means the working hours in a Business Day being 0900 to 1700.

“Data Entity” means a logical subset of data, for example, exdirectory indicator and telephone number. The data sent across the Web Service Interface will comprise of a number of Data Entities.

“Identity Verifications” means matching data provided across the Web Service Interface against one or more Reference Databases and returning across the Web Service Interface the outcome of the match(es).

“Pilot Site” means access to the Service via a temporary link to the Web Service Interface for the sole purpose of testing any integration and assessing whether the Service meets the Client’s business requirements.

“Planned Maintenance” means any work planned in advance to be carried out by GBG or on GBG’s behalf that may cause the Service to be temporarily suspended.

“Portal” means the front end interface onto the Web Service Interface which allows a manual Identity Verification to be carried out.

“Reference Database and Results Guide” means the GBG database reference guide for use with the Service.

“Retention Period” means the period of time that the Audit Trail will be retained within the Service after the time of the initial Transaction before its automatic deletion.

“Reference Database” means a database against which a Data Entity is matched. For Passport and Driving Licence Data Entities, Reference Database is defined as a set of consistency checks and checksum calculations on the provided data, rather than matching against an actual database.

“User Guide” means the user guide for the Service.

“Variable Data Retention” has the meaning given to it in clause 4.1 of this Schedule 1. “Version” means a new release in any year of the Web Service Interface (new Versions are provided with a distinct number and letter).

“Web Service Interface” means the programmatic interface through which data is passed by the Client to the Service or the Service passes data to the Client.

2. STANDARD SUPPORT SERVICES

2.1. Day-to-Day System Administration: GBG will perform routine system administration of the Service, including server, network and security monitoring.

2.2. Service Management: The Service is provided 24 hours a day, 365 days per year. GBG will respond to faults GBG detects or which the Client reports to GBG as set out in paragraph 2.4 below.

2.3. Helpdesk: GBG will provide the Client with the contact numbers (either telephone or fax, as appropriate) and email address of designated contact points, which will be the Client’s contact points for placing orders, reporting faults and making inquiries relating to the Service. The Client can use the numbers to contact the Helpdesk to report faults 24 hours a day, 365 days a year and to order services or make enquiries during Business Hours.  

2.4. Fault Reporting and Fault repair: (a) Any faults in the Service need to be notified to the Helpdesk via the Client’s System Administrator. The Client will need to use the reporting procedures GBG requires it to use from time to time.  (b) If the Client reports a fault in the Service or makes a request for assistance, GBG will immediately undertake an initial assessment, provide a fault reference and discuss and agree with the Client a priority level.  (c) Progress updates will occur:-

- with Priority 1 incidents on a 1 hourly basis or as otherwise agreed during Business Hours.

- Priority 2 on a 2 hourly basis and Priority 3 on a 3 hourly basis during Business Hours.

- on resolution of the fault or problem during Business Hours; and

- on any change of resolution target time during Business Hours.

2.5. Service Restoration: Each of the priorities has the following associated target clearance time

2.6. Disclaimer: GBG will always try to resolve any fault within the appropriate target clearance time, but the Client recognises and accepts that GBG may not be able to do so and that these times are only intended to be targets.  In some cases we may need to resolve issues with one of GBG’s global data partners which could involve contact being made with them outside of Business Hours due the time zone differences.  In this situation the supplier is required to respond to GBG within the same target response times although their business hours timeframe will be subject to the time zone that they are located in.  Should this situation arise, GBG will respond to the Client at the very earliest opportunity.

2.7. Outside of Business Hours: The Helpdesk will only be available to receive reported faults. The target times will not begin until the start of Business Hours on the next Business Day. With the exception of Priority 1 faults, all other priorities which cannot be resolved by the Helpdesk by the end of Business Hours on the Business Day that GBG acknowledges them will be put on hold until the start of Business Hours on the next Business Day.

2.8. Scheduled Service Time: The Service is provided on a resilient platform enabling GBG to offer a high level of service which is scheduled to be available 24 hours per day, 7 days per week, 365 days per year.  The Service has a target of 98.5% availability within any calendar month. This target excludes all periods of Planned Maintenance or any emergency maintenance or updates. GBG will always try to meet and exceed this monthly target availability. However, the Client accepts, that GBG may not always be able to do so and that this level of availability is only intended to be a target level. 

2.9. Planned Maintenance: From time to time, GBG may need to schedule maintenance of the Service.  GBG will always endeavour to conduct Planned Maintenance at a time that reduces the impact on the availability of the Service.  So, where possible, Planned Maintenance will be conducted during low usage periods outside of Business Hours.  If GBG needs to suspend the Service for Planned Maintenance (which GBG would only reasonably expect to be under exceptional circumstances) GBG undertake to give the Client as much advance notice as is practicable. 

2.10. Customer Reports: The Service will allow the System Administrator online access to reports on the Client’s usage and Audit Trail logs.

2.11. Version Support: The Service will utilise the latest Version of the Web Service Interface.  GBG will maintain and support all Versions of the Web Service Interface for up to four years from the date of first release.  GBG will expire all Versions older than four years (from the date of release) and GBG will provide the Client with 3 months’ notice if the Client is affected by this expiry.  The Client is expected to update its Web Service Interface with the most up to date Version to ensure that continuous service and support is maintained.  

3. AUDIT TRAIL

3.1. For each Data Entity checked, the name of the Reference Database, the data subject’s personal data, the match result, the date and time matched, and a unique log number will be recorded by the Service for the purposes of an Audit Trail. Where a profile has been used, then the profile reference will also be stored by the Service.

3.2. GBG will use the Audit Trail to determine the number of Identity Verifications the Client has carried out (or which have been carried out on the Client’s behalf) for charging purposes. 

3.3. Information held on the Audit Trail will be accessible online by the Client’s System Administrator.

3.4. Subject to the Client’s right to select Variable Data Retention, GBG will hold the Audit Trail information online for a period of 6 months from the date of the Identity Verification. GBG will retain an offlineAudit Trail for the duration of this Agreement. When this Agreement ends, GBG will provide the Client with a facility to download the Client’s Audit Trail information for the Client’s retention once all Charges due to GBG under this Agreement have been paid.  The facility will be available for 30 days after the Client has been notified of the availability of the download facility after which time the audit trail will be deleted from the service.

3.5. Where the Order Form shows that the Document Image Validation product has been selected, GBG will hold within its Audit Trail the image the client submitted for validation ("Stored Image") online for a maximum period of 6 months from the date of the transaction, unless this has been reduced to less than 6 months in accordance with the Variable Data Retention provisions contained in clause 4 of this Schedule 1.  For the avoidance of doubt, GBG will not retain any offline storage of Stored Images.  

4. VARIABLE DATA RETENTION 

4.1. Notwithstanding clause 3 of this Schedule, the Service provides the Client with the functionality to select an alternative Retention Period to that referred to within clause 3 of this Schedule (“Variable Data Retention”). 

4.2. Where the Client uses Variable Data Retention, the Client acknowledges and accepts the following:  (a) The Client is solely responsible for determining the Retention Period and consequently the Client will be solely liable for any claim by a Data Subject which occurs as a result of a failure to retain information and data regarding Transactions carried out using the Service after expiry of the Retention Period; (b) Any and all data and information retained within the Audit Trail beyond the Retention Period will be deleted irrevocably. For the avoidance of doubt this includes historic Transactions and does not only relate to future Transactions; (c) The deletion of all data and information from the Audit Trail will impact GBG’s ability to provide support services and deal with any enquiries from a Data Subject including any subject access requests received; (d) Following the Retention Period, GBG will not be in a position to resolve any issues and will have no record of data or information inputted into ID3global; (e) The Audit Trail is the only place where Client Information and records of Transactions are recorded and therefore GBG strongly recommends that the Client retains its own copies of Client Information as well as a record of all Transactions undertaken using the Service.   

5. PILOT SITE

5.1. Upon request the Pilot Site will be provided for a fixed period of time (“Pilot Access Period”), detailed in the Order Form, which shall not exceed 6 months. 

5.2. Access to the Pilot Site shall be allowed, at the discretion of GBG, without Charge up to an agreed figure (“Monthly Pilot Volume”) provided that: (a) the Service is not being used for any productive or commercial purpose; (b) the Service is only being used for processing the Client’s existing Client Information; For the avoidance of doubt any usage in excess of the Monthly Pilot Volume will be charged in accordance with the Charges outlined on the Order Form.

5.3. The Client shall not make available the Pilot Site or any information derived by use of, reference to, or comparison with the Pilot Site to any person, or use of any of the same other than solely for the purpose of trialling the Service; nor shall the Client use the Pilot Site in the provision of any services to any other individual or organisation for gain or otherwise unless such use is specifically authorised in writing by GBG.

5.4. The technical specification and operation of the Pilot Site and the service levels, response times, support or maintenance provided in relation to the Pilot Site shall be at GBG’s discretion.

Data Services Agreement SCHEDULE 2 - PROFESSIONAL SERVICES  

This section only applies if the Order Form shows that Professional Services have been selected. If so, this Schedule 2 will apply in addition to the General Terms and any applicable Additional Terms. Any definition not provided in this Schedule shall have the same meaning as set out elsewhere in the Agreement.   

1. DEFINITIONS

1.1. The following definitions apply to this Schedule 2. 

“Example Code” means sample code provided by the Client to GBG to use as a template in integrating the Service into the Client’s systems

“Service Materials” means any and all works of authorship and materials developed, written or prepared by GBG, in relation to the Professional Services (whether individually, collectively or jointly with the Client and on whatever media) which it is required to deliver to the Client pursuant to the Professional Services, including, without limitation, any and all reports, studies, data, diagrams, charts, specifications and all drafts thereof and working papers relating thereto, but excluding ordinary correspondence passing between the Parties. 

2. PROFESSIONAL SERVICES

2.1. GBG hereby agrees to provide the Professional Services to the Client in consideration of the Charges set out in the Order Form and upon these terms and conditions.

2.2. Nothing in this Agreement shall operate to prevent GBG from engaging in other professional, consultancy or project management activities.

2.3. The Client hereby authorises GBG and GBG’s sub-contractors to have such access to the Client’s premises, computers and IT systems and other facilities as is necessary in order to perform the Professional Services.

2.4. GBG may provide to the Client directly or give the Client access to Example Code.  The Example Code is provided as an example to show how the service integration works. Should the Client use the Example Code directly into the Client’s systems, the Client does so at its own risk. The Example Code is provided "as is", without warranty of any kind, express or implied and in no event shall GBG be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the Example Code.

2.5. GBG shall at the Client’s request, in the provision of the Professional Services, provide support in the creation and amendment of the User Profile. The Client’s request to create or amend the User Profile shall be deemed as the Client’s agreement to such creation or amendment.   

3. GBG’S RESPONSIBILITIES

3.1. GBG warrants to the Client that the Professional Services: (a) will be provided in a timely and professional manner and that it shall use reasonable endeavours to provide the same in accordance with any Timetable (as defined in clause 6.1 below); (b) will conform to the standards generally observed in the industry for similar services and will be provided with reasonable skill and care.

3.2. GBG shall be fully entitled to use any skills, techniques, concepts or know-how acquired, developed or used in the course of performing the Professional Services in any way it deems fit and any improvements to GBG’s existing products and/or service made or developed during the course of the Professional Services, subject to the obligations of confidentiality detailed in the Agreement.  

4. CLIENT’S OBLIGATIONS

4.1. The Client shall: (a) make available to GBG such office and support services as may be necessary for GBG’s work under this Agreement; (b) ensure that its employees co-operate with GBG’s reasonable requests in relation to the provision of the Professional Services; and (c) promptly furnish GBG with such information and documents as GBG may reasonably request for the proper performance of the Professional Services.  

5. EXPENSES

5.1. The Charges for the Professional Services are exclusive of the travel, accommodation and subsistence expenses reasonably incurred by GBG and GBG’s sub-contractors in attending the Client’s premises to perform Professional Services and such expenses shall be invoiced separately by GBG and shall be paid by the Client within 30 days of receipt of an invoice. Where the Client cancels or rearranges a scheduled meeting GBG reserves the right to charge the Client for all accommodation and travel expenses that have been reasonably incurred by GBG.  

6. TIMETABLE AND DELAYS

6.1. Time of performance of the Professional Services is not of the essence. Where a timetable is agreed and appended to this Agreement (the “Timetable”), GBG undertakes to use reasonable endeavours to complete each element of the Professional Services by the date specified in the Timetable.

6.2. If GBG is prevented or delayed from performing any of the Professional Services for any reason which is not directly attributable to GBG’s acts or omissions then, notwithstanding anything else contained in this Agreement: (a) If as a result any element of the Service Materials or any other deliverable is not completed by the date specified in the Timetable (where one is agreed) (or by any extended date agreed between the Parties) then any part payment of the Charges for the Professional Services due to be paid on the completion of that element (if any) shall be paid on the scheduled date for such completion (taking into account any extension of time agreed between the Parties) as distinct from the actual date of completion; (b) The Client shall pay to GBG a reasonable sum in respect of any additional time spent and materials and computer time incurred as a result of any such prevention or delay; and (c) The Client shall pay to GBG all other reasonable costs, charges, expenses and losses sustained or incurred by GBG as a result of such prevention or delay.

6.3. The Client shall pay to GBG a reasonable sum in respect of any additional time spent and materials and computer time incurred in connection with the provision to GBG of any inaccurate, incorrect or inadequate information or data by the Client or on the Client’s behalf.

6.4. GBG shall notify the Client in writing without undue delay of any claim which GBG may have under clause 6.2 or 6.3 above giving such particulars thereof as GBG is then able to provide. 

7. ALTERATIONS

7.1. If at any time the Client requires GBG to alter all or any part of the Service Materials, the Professional Services and/or any other deliverable under the Professional Services then the Client shall provide GBG with full written particulars of such alterations and with such further information as GBG may reasonably require.  GBG may suggest alterations to the Client at any time which the Client may then use as the basis for a request under this provision.

7.2. GBG shall then submit to the Client as soon as reasonably practicable a written estimate for such alterations specifying what changes (if any) will be required to the Charges hereunder and the Timetable (if applicable) and what adjustments will be required to the Service Materials (if applicable).

7.3. Upon receipt of such estimate the Client may elect either: (a) to accept such estimate in which case this Agreement shall be amended in accordance therewith; (b) (to withdraw the proposed alterations in which case the Professional Services shall continue in force unchanged.

7.4. GBG shall be entitled to charge a reasonable fee to the Client for considering such alterations and preparing the said estimate and if the Client’s request for such alterations is subsequently withdrawn but results in a delay in the performance of any of the Services then GBG shall not be liable for such delay and shall be entitled to an extension of time for performing its obligations equal to the period of the delay.

7.5. GBG shall not be obliged to make any alterations to the Service Materials save in accordance with the aforesaid procedure.