0535 COMBINED DECISION (CANADA FINTRAC) | ID NUMBER 201926

The Supplier Data used to provide 0535 Combined Decision (Canada FINTRAC) Dataset is supplied by Trans Union of Canada, Inc (“TransUnion”) and Equifax Canada Co. (“Equifax”) and includes consumer credit information about Canadian data subjects. GBG is obliged under the terms of its agreements with TransUnion and Equifax to ensure that all End Users agree to comply with the following licensing provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the General Terms and Product Terms:
End User Data” means any data provided to GBG by the End User for processing in accordance with the terms of the Agreement including, where relevant, any personal data.
Governmental Authority” means the government of Canada, or any political subdivision thereof, whether provincial, territorial, state, municipal or local, and any governmental, executive, legislative, judicial, administrative or regulatory agency, department, ministry, authority, instrumentality, commission, board, bureau or similar body, whether federal, provincial, territorial, state, municipal or local, in each case, having jurisdiction in the relevant circumstances.
Governmental Permit” means any license, right, permit, franchise, privilege, registration, direction, decree, consent, order, permission, approval or authority issued or provided, or to be issued or provided, by any Governmental Authority, including, where relevant to the End User, directives issued by any Canadian gaming control regulator.
Permitted Purpose” means the purposes, restrictions and or conditions for use of the Dataset outlined by the Supplier in the Additional Terms below in addition to the Customer User Case set out in the Agreement.
Supplier Confidential Information” means information in an oral, written, graphic, machine readable format or any other format or medium whatsoever including, but not limited to, information that relates to patents, patent applications, research, product plans, products, developments, inventions, processes, designs, drawings, engineering, formulae, markets, software (including source and object code), hardware configuration, computer programs, algorithms, business plans, policies or practices, agreements with third parties, services, customers, pricing, marketing or finances of TransUnion and/or Equifax or any other information that in the context of the relationship hereunder should reasonably be considered by the End User as non-public, confidential and/or proprietary.

2. USE OF THE DATASET
2.1. Before accessing the Dataset, the End User must confirm and verify that its organisation:
a) is a legitimate existing business;
b) has obtained the appropriate consumer’s consent required under Canadian privacy law as more particularly detailed in clause 11.1; and
c) is using the Dataset for its own benefit and that it does not intend to resell or otherwise release the information to another third-party business, entity or person.
2.2. Before accessing this Dataset, the End user must make the individual aware of the intended use of this Dataset and provide any notice to an individual that is required by Applicable Data Protection Law before providing End User Data to GBG.
2.3. The End User agrees to only use this Dataset for its direct business and in a manner that complies with applicable laws, including Canadian federal and provincial laws. The End User may only use the Dataset for fraud and/or regulatory purposes and in accordance with Canadian consumer reporting legislation for the following:
a) in connection with the extension of credit to a consumer to whom the information pertains;
b) in connection with the purchase or collection of a debt of a consumer to whom the information pertains;
c) for the purpose of the entering into or renewal of a tenancy agreement;
d) for employment purposes;
e) in connection with the underwriting of insurance involving the consumer;
f) to determine the consumer's eligibility for any matter under a statute or a regulation where the information is relevant to a requirement prescribed by law; or
g) where there is a direct business need for the information in connection with a business or credit transaction involving the consumer.
2.4. The End User covenants and agrees that it is the owner of the End User Data and that it has the authority to provide the End User Data in order to receive this Dataset and the Supplier Data and/or Results.
2.5. The End User must not under any circumstances use the Dataset for personal reasons or for investigation purposes, including but not limited to pre-litigation investigative services, without the consumer’s written consent (in accordance with clause 11.1, below) or as specifically permitted by applicable law.
2.6. The End User must track and maintain records of each inquiry carried out using the Dataset. Such records must include a copy of the consent obtained from each individual consumer in accordance clause 11.1 and must specify the purpose for which the inquiry was made. All records must be retained for the Term of the Agreement and for a period of at least three (3) years thereafter. Copies of records kept in accordance with this clause must be provided to the Suppliers within seven (7) Business Days of a request to do so. The End User shall ensure that all consents are in verifiable form.
2.7. The End User appoints GBG as its agent for the purposes of requesting the Service and otherwise facilitating the End User’s receipt of the Service. The End User warrants that it will request the Services for the End User’s exclusive, internal and one-time use only and pursuant to the procedures prescribed by the Suppliers and/or GBG from time to time.
2.8. The Service shall only be requested by, and disclosed by the End User to, an End User's designated and authorised employees, agents or representatives (each a “Representative”) on a need-to-know basis (provided such Representatives are bound by confidentiality obligations at least as strict as the confidentiality provisions set forth herein) and only to the extent necessary to enable the End User to use the Service in accordance herewith. The End User shall ensure that such Representatives do not attempt to obtain the Service as it relates to themselves, their associates, or any other person, except in the exercise of their official duties. Nothing herein is intended to allow the End User to receive the Service for the purpose of selling or otherwise providing them, or the information contained or derived from the Service, to the consumer who is the subject thereof, or to any third party. For further clarity, the End User is prohibited from selling the Services directly to consumers hereunder. The End User may make disclosures to consumers only as clearly required by law. Where the End User has made a legally permissible disclosure to a consumer, and such consumer has questioned information contained in the Supplier Data, the End User shall refer such consumer directly to GBG or the Suppliers for further investigation.
2.9. The End User acknowledges that the Suppliers are not responsible for the availability, performance, or security of GBG’s platform, or for the End User’s inability to obtain access to the Service. The End User is responsible for all breaches emanating from any of the End User’s password or code misuse or any breaches using such End User’s password or code. The Suppliers shall have no liability in relation thereto and the End User acknowledges that the Suppliers shall assume that the individual(s) logging into or accessing GBG’s platform using the specific code(s) and password(s) assigned to the End User are in fact authorised to do so by the End User.
2.10. The Service is configurable and the configuration, delivery specifications and/or decision criteria of the End User shall be as agreed upon between GBG and the Suppliers. The End User acknowledges and agrees that it is solely responsible to determine its compliance obligations, in particular without limitation, its compliance with the provincial consumer reporting legislation, privacy legislation or the Proceeds of Crime (Money Laundering) and Terrorist Financing Act of Canada (PCMLTFA) or other applicable law or regulation and as a result, the End User is solely responsible to obtain its own legal advice and to determine the configuration required from GBG such that it meets these compliance obligations.
2.11. In the event the End User obtains scoring services (“Supplier Scores”), the following terms shall apply. The Supplier Scores may be delivered with a consumer credit report for convenience only, but the Supplier Score does not form part of the consumer credit report and does not update, enhance, modify, supplement or change the information in the consumer credit report on which it is based. The End User agrees that the Supplier Scores are for the End User’s exclusive use. The End User may store the Supplier Scores solely for the End User's own use in furtherance of the End User's original purpose for obtaining the Supplier Scores and for no other purpose. The End User recognizes that factors other than the Supplier Score may be considered in making a decision about a consumer. Such other factors include, but are not limited to, the consumer credit report, the individual account history, application information, and economic factors. The Suppliers may provide score reason codes to the End User. The score reason codes are designed to indicate the principal factors that contributed to the Supplier Scores, and may be disclosed to consumers as the reasons for taking adverse action, as required by applicable consumer reporting law. The Supplier Score itself is proprietary and may not be used as the reason for adverse action and accordingly, shall not be disclosed to a credit applicant, except as clearly required by law.
2.12. The End User agrees that it will not:
(a) Resell, transfer, distribute or otherwise give any third party access to the Dataset;
(b) Assert any intellectual property right claim or other interest in the Dataset;
(c) Assign or otherwise transfer any of its rights to use this Dataset.
2.13. The End User may agree that it will:
(a) keep all information, data and documentation relating to this Dataset, including any account codes and passwords used to access this Dataset secure and confidential;
(b) securely destroy or delete information received as a result of this Dataset when it no longer has a need to keep it;
(c) allow GBG to conduct an audit to confirm the End User is in compliance in accordance with the Agreement;
(d) provide GBG with any relevant information and documents that GBG requests to respond to any question, investigation or audit by the Suppliers under GBG’s agreement with the Suppliers;
(e) give GBG prompt notice of any change that occurs from time to time in the information it provided on its End User Information Form;
(f) comply with any changes made to these Additional Terms from time to time as a condition of its continued use of this Dataset;
(g) acknowledge that this Dataset is not guaranteed to be error-free or uninterrupted;
(h) acknowledge that these Additional Terms may change from time to time to comply with applicable law.
(i) consent to the Suppliers and GBG sharing any non-personal information (as defined under applicable law) about the End User's use of the Services with the other.
2.14. The End User further acknowledges that, given the nature of the Dataset, GBG recommends that the End User does not use the Supplier Data and Results as the sole basis for any business decision. The End User expressly accepts to use the Dataset at its own risks.
2.15. The End User warrants that it will not use this Dataset for any reason outside of the Permitted Purpose.

3. DUE DILLIGENCE
3.1. Prior to granting the End User access to the Dataset, GBG must carry out a comprehensive membership review of the End User as well as a site inspection of the principal place of business of the End User or an inspection through a digital platform to determine whether the End User's security measures are consistent with the minimum standards specified by the Suppliers, including but not limited to the Safeguards, and if the End Users are appropriately verified and credentialed.
3.2. The End User acknowledges and agrees that access to the Dataset is dependent on the completion of a satisfactory audit and questionnaire that demonstrates compliance with these terms in accordance with clause 3.1.

4. SERVICE LEVELS

4.1. Notwithstanding the Service Levels in the Agreement, the End User acknowledges and accepts that:
a) TransUnion and Equifax perform regular maintenance on their systems and may utilise all their published maintenance windows during which the use of the Dataset may be unavailable.
b) TransUnion regularly maintenance windows is 2.00am to 6.00am Eastern Standard Time (ET) Sundays and, on occasion, TransUnion may institute an extended scheduled maintenance window with advance notice.
c) Equifax maintenance windows are as set out below:
• Monday: 12:30 am to 4:30 am ET
• Tuesday to Saturday: 3.30am to 4.00am ET
• Sunday 2.30am to 6.30 am ET
d) TransUnion and Equifax provide no specific resolution times for incidents that affects their services therefore the service resolution times as part of GBG’s Standard Support Services do not apply for this Dataset.

5. SAFEGUARDING
5.1. The End User shall implement, and shall take measures to maintain, reasonable and appropriate administrative, technical, and physical security safeguards (“Safeguards”) designed to: (i) ensure the security and confidentiality of any Supplier Data and personal information derived from the Services; (ii) protect against anticipated threats or hazards to the security or integrity of the Supplier Data and personal information; and, (iii) protect against unauthorized access or use of the Supplier Data and personal information. The End User shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information and to protect the Supplier Data and personal information from unauthorized access, destruction, use, modification, or disclosure including without limitation, ensuring any End User intentional deletion, destruction and/or disposal of the Supplier Data and personal information (whether in paper, electronic, or any other form, and regardless of medium on which such Supplier Data and personal information is stored) is performed in a manner so as to reasonably prevent its misappropriation or other unauthorized use including, but not limited to, cross-shredding printed information and pulverizing or incinerating tapes, disks and other such non-paper media.
5.2. The End User is responsible for: (i) any breaches to its Safeguards, including those emanating from its leased lines, modems or other communication devices; (ii) any failure by the End User to establish or maintain its Safeguards; (iii) any loss, theft or unauthorized access, disclosure, distribution, copying, modification, use or destruction of the Supplier Data and personal information; (iv) any unauthorized access to or use of any software, hardware or systems of GBG or the Suppliers, including any authorized access or use of any account credentials or member codes; (v) any unauthorized entry to the facilities where the Services may have been accessible; (vi) any unauthorized release of or access to the Services by an employee, agent, contractor or subcontractor of the End User resulting from a breach of its Safeguards or otherwise; or (vii) any unauthorized access to or use of the Services (each, a “Breach”).
5.3. In the event of a Breach affecting the Supplier Data, the End User shall immediately (but in no event later than twenty-four (24) hours of becoming aware of a confirmed Breach affecting the Supplier Data) notify GBG by phone and in writing with the following information: a description of the Breach, and if known, the cause and the date (or the period during which) the Breach occurred, details of the Supplier Data and personal information impacted by the Breach, details of consumer impact, including the number of impacted consumers, a description of the steps taken to contain, mitigate and recover from the Breach, and any other information reasonably required by GBG or the Suppliers in connection with such Breach.
5.4. The End User shall fully cooperate with GBG and the Suppliers in mitigating any damages due to any Breach. Such cooperation shall include, but not necessarily be limited to, allowing GBG and/or the Suppliers to participate in the investigation of the cause and extent of such Breach. Such cooperation shall not relieve the End User of any liability it may have as a result of such Breach.
5.5. GBG and the Suppliers reserve the right to suspend or terminate the End User’s access to all or part of the Services if the End User fails to comply with its obligations in this clause or GBG or the Suppliers reasonably suspect that the End User is experiencing or has experienced a Breach. In addition, GBG or the Suppliers may require the End User to modify its account credentials, undergo a security assessment or agree to additional security controls in order to regain access to the Services, in their sole discretion. Upon request by GBG or the Suppliers, the End User shall provide a certificate signed by the End User’s forensic auditor or Chief Information Officer (or equivalent) to confirm that the Breach has been fully remediated and that there is no further risk to the Supplier Data and personal information.
5.6. The End User shall ensure that all of its employees, agents, contractor and subcontractors comply with the requirements set out in this clause and other obligations of the End User in the Agreement.

6. AUDIT AND INVESTIGATIONS
6.1. The End User shall cooperate with GBG and/or the Suppliers with regards to any investigation launched as a result of a consumer complaint or any other investigation necessary to ensure compliance with these Additional Terms and applicable laws. The End User shall re-verify disputed information and inquiries upon GBG and/or the Suppliers’ request and confirm such disputed items to GBG and/or the Suppliers within five (5) Business Days.
6.2. The End User understands and agrees that a failure to do so may result in the disputed information being deleted by the Suppliers as “unverifiable”. Furthermore, during the term of the Agreement and for a period of three (3) years thereafter, GBG and/or the Suppliers may audit the End User’s policies, procedures and records to ensure compliance with these Additional Terms, including compliance with applicable laws, upon reasonable notice and during normal business hours.

7. CONFIDENTIAL INFORMATION AND OWNERSHIP
7.1. The End User agrees that it will receive Supplier Confidential Information, and such Supplier Confidential Information will be held in strict confidence by the End User and shall be disclosed only (i) upon demand to governmental regulatory agencies; or (ii) as required by law. The End User shall protect any such Supplier Confidential Information with at least the same degree of care it uses to protect its own information of a similar nature (although not less than a reasonable degree of care) or as required under applicable laws.
7.2. The End User agrees that it is not a breach of the confidentiality obligations under the Agreement for the Suppliers to disclose to any third party any information furnished, including the End User Data, in the ordinary course of its credit reporting business for incorporation into the Suppliers’ database(s) or an inquiry of or an inquiry posted to the Suppliers’ database(s) pursuant to applicable law.
7.3. The End User agrees that the Services provided hereunder are confidential and proprietary to the Suppliers and except as explicitly set forth herein, and subject to the licenses granted to the End User hereunder, the entire right, title and interest in and to the Services and all copyrights, patents, trade secrets, trademarks, trade names, and all other intellectual property rights associated with any and all ideas, concepts, techniques, inventions, processes, or works of authorship including, but not limited to, all materials in written or other tangible form developed or created by the Suppliers in their performance of the Services, shall at all times vest exclusively in the Suppliers.
7.4. The Suppliers reserve all rights not explicitly granted to the End User hereunder. The End User shall not attempt, directly or indirectly, to reverse engineer, decompile, or disassemble the Services or any confidential or proprietary criteria developed or used by the Suppliers relating to the Services provided hereunder.
7.5. Subject to the End User’s compliance with these Additional Terms, GBG grants to the End User, on behalf of the Suppliers: (a) a worldwide, paid-up, non-transferable, revocable and non-exclusive license to all Services provided hereunder for use by the End User, within the End User’s internal business operations; and (b) a worldwide, paid-up, limited, revocable and non-exclusive license to use any and all Suppliers -owned intellectual property rights that are integrated into such Services to the extent necessary for the End User to exercise, unencumbered, its rights set forth herein. Such licenses shall not be deemed to include sublicensing rights or any rights to third party works including, but not limited to, any Suppliers’ subcontractor intellectual property rights, unless the Suppliers explicitly otherwise grant such rights to the End User in writing.

8. WARRANTY
8.1. The End User recognizes that the Services furnished to the End User are based upon data obtained from sources considered to be reliable. However, due to the possibilities of errors inherent in the procurement and compilation of statistical data involving a large number of individuals, the accuracy, reliability or completeness of the information provided as part of the Services is not warranted and the Services are provided “AS IS” and the End User shall use the Services at its own risk. The Suppliers do not guarantee the accuracy, completeness or reliability of the Services, and a fraud message, a match, or lack of a match, is not intended, in itself, to guarantee reliability. In addition, the Suppliers and GBG make no representations or warranties that the use of the Services or any particular configuration of such Services requested by the End User will enable the End User to meet its compliance obligations. OTHER THAN AS SET FORTH IN THIS CLAUSE, THE SUPPLIERS AND GBG MAKE NO OTHER WARRANTIES AND HEREBY DISCLAIM ALL OTHER WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER STATUTORY, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES OR CONDITIONS AS TO QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SERVICES WILL BE OF MERCHANTABLE QUALITY. FURTHERMORE, THE SUPPLIERS AND GBG’S SOLE LIABILITY, AND THE END USER’S SOLE REMEDY, FOR BREACH OF THIS WARRANTY SHALL BE THE CORRECTION OF ANY DEFECTIVE SERVICE (PROVIDED THAT, THE SUPPLIERS AND/OR GBG RECEIVE A WRITTEN NOTICE WITH A REASONABLY DETAILED DESCRIPTION OF THE DEFECT WITHIN TEN (10) DAYS AFTER THE PERFORMANCE OF THE SERVICES) AND/OR THE REFUND OF FEES PAID FOR SAME AT THE SUPPLIERS’ OR GBG’S DISCRETION. THE END USER ACKNOWLEDGES AND AGREES THAT THESE ADDITIONAL TERMS SHALL NOT GIVE RISE TO ANY THIRD-PARTY RIGHTS AGAINST THE SUPPLIERS’ DATA SUPPLIERS AND/OR LICENSORS AND THAT, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL RIGHTS AND OBLIGATIONS UNDER THESE ADDITIONAL TERMS AND ANY LIABILITY RESULTING THEREFROM ARE SOLELY BETWEEN THE PARTIES HERETO.

9. INDEMNITY
9.1. The End User shall indemnify and hold harmless the Suppliers and its directors, officers, employees, representatives and agents from any and all claims, losses, liabilities or damages, including consequential damages, and costs (including reasonable attorney’s fees) arising directly or indirectly from, but not limited to: (i) the failure or alleged failure of the End User to perform any of its obligations described in these Additional Terms, and the failure by the End User to comply with any provision of these Additional Terms including but not limited to, any breach which results in the non-permissible use of the Services provided hereunder; (ii) the negligence or intentional wrongful conduct of the End User, and/or its directors, officers, employees, agents, contractor or subcontractors; (iii) the use or misuse of the Services by the End User; (iv) a violation by the End User of any applicable laws, including but not limited to the failure of the End User to obtain and/or maintain in good standing any relevant Governmental Permits; (v) any claims by individuals relating to the use, retention or disclosure of personal Information, including any information included in the Services; (vi) any claims arising out of actions or omissions of the End User, or its employees, agents, subcontractors; or (vii) any breach of confidentiality obligations or of any obligations related to the Safeguards.
9.2. The End User shall fully indemnify GBG against all liabilities, costs, expenses, damages and losses incurred by GBG as a result of the End User’s failure to comply with clause 11 of these Additional Terms. Liability in relation to this indemnity shall be uncapped.

10. LIABILITY
10.1. IN NO EVENT SHALL THE SUPPLIERS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES INCURRED BY THE END USER ARISING OUT OF THE PROVISION OF THE SERVICES, INCLUDING BUT NOT LIMITED TO LOSS OF GOODWILL, LOSS OF DATA AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT, WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF THE SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10.2. IN NO EVENT SHALL THE SUPPLIERS’ TOTAL AGGREGATE LIABILITY TO THE END USER, OR ANY THIRD PARTY ARISING IN RESPECT OF THE SERVICES UNDER THESE ADDITIONAL TERMS AND/OR IN RESPECT OF THE SERVICES EXCEED THE TOTAL AMOUNT OF FEES PAID BY THE END USER FOR THE SERVICES DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO A CLAIM FOR LIABILITY, WHETHER SUCH CLAIM IS BASED IN CONTRACT, TORT, WARRANTY, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE.
10.3. THESE LIMITATIONS SHALL SURVIVE AND APPLY NOTWITHSTANDING THE VALIDITY OF THE LIMITED REMEDIES PROVIDED HEREUNDER.
10.4. IN NO EVENT WILL THE SUPPLIERS BE LIABLE FOR ANY DISPUTE THAT ARISES BETWEEN THE END USER AND GBG.

11. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
11.1. The End User warrants that:
a) it shall comply with all applicable Canadian, provincial and local laws, including the various provincial consumer reporting acts or equivalent, the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA") or equivalent provincial privacy acts, and any applicable regulations, judicial orders and/or orders of an administrative tribunal, as are now or may in the future become effective.
b) prior to use of the Dataset it has obtained the appropriate, active and informed consent from each individual consumer in accordance with applicable Canadian privacy law for the collection, disclosure and use of personal information about such consumer. The End User warrants that it will use such personal information only as permitted by such consent. The End User will permit GBG and/or the Suppliers to review a copy of the End User’s consent form(s) and/or privacy policy, and will forward any revised consent form(s) and/or privacy policy for review by GBG and/or the Suppliers within a reasonable period of time after their adoption. The End User agrees to make changes to such documents as GBG and/or the Suppliers may request from time to time that are necessary, in the sole opinion of the Suppliers, for the Suppliers to lawfully provide the Dataset. Where the End User requests the Services to be performed based on information obtained from a third party, the End User represents and warrants that it has obtained the agreement and/or consent of such third party for the intended use and that such use is consistent with any applicable law.
c) prior to the use of the Dataset it has obtained all Governmental Permits required to be obtained and that are necessary to carry on its business in each Canadian province and that each Governmental Permit is valid, subsisting and in good standing. The End User shall remain in good standing with all Governmental Authorities having jurisdiction or authority over or in respect of it and to obtain and maintain in good standing throughout the term all Governmental Permits necessary in connection with the operation of its business, including those required to be obtained and/or maintained pursuant to applicable law. The End User shall provide a copy of such Governmental Permits upon GBG’s or the Suppliers’ request.
11.2. The End User acknowledges and accepts that where the End User is subject to PCMLTFA, the Customer Audit Trail does not retain all the reporting requirements under PCMLTFA and the End User is solely responsible for complying with reporting requirements under PCMLFTA. Thus, the End User shall record and store the response codes provided in connection with the Service in accordance with the requirements set out under PCMLTFA. The End User acknowledges and accepts that GBG is not a reporting entity for the purposes of PCMLTFA and has no liability whatsoever in connection with the End User’s failure to comply with this clause.
11.3. The End User shall have a lawfully compliant privacy notice at the point at which it collects personal data from the data subject/individual. The End User’s privacy notice shall provide the necessary information that a reasonable data subject/individual would require to understand the nature, purpose, and consequence of the collection, use and disclosure of their personal data. The End User warrants and represents that its privacy notice includes all of the required information it is obligated to incorporate under PIPEDA, including but not limited to the following:
(a) The personal data it is collecting;
(b) How it will use the personal data that it is collecting;
(c) Who it will disclose the personal data to;
(d) Why it is disclosing the personal data to other parties; and
(e) The risks of harm or other consequences
11.4. The End User acknowledges that this Dataset is only recommended for ID verification of Canadian data subjects. Whilst GBG confirms that the Suppliers have passed privacy due diligence and that the Supplier Data used to provide this Dataset has been gathered lawfully by the Suppliers in accordance with privacy laws in Canada, the Suppliers may not adhere other privacy laws.

12. THIRD-PARTY BENEFICIARY
12.1. The Suppliers are intended third-party beneficiaries of these Additional Terms.

13. TERMINATION
13.1. In the event of a breach by the End User of these Additional Terms, the Suppliers shall have the right, without notice, to cause GBG to terminate the provision of the Services to the End User.
13.2. Notwithstanding the other termination provisions in the Agreement, under the terms of GBG’s agreement with the Suppliers the supply of this Dataset may be terminated at any time by GBG providing the End User with 90 days’ notice.