MEXICO POPULATION CHECK (Item Check 0278) | ID NUMBER 100481
• Supplier hosts the Supplier Data
• Supplier is a Sub-processor of Client Information
• Client Information includes Personal Data
• The Sub-processor is located in Mexico
• The Sub-processor is located outside of the EEA
• The Supplier has signed full GDPR terms but did not pass GBG’s full GDPR due diligence assessment and information security review. See full details in the Additional Terms below.
• Where GDPR applies to the End User, the End User must rely on a derogation to transfer Client Information to the Sub-processor based outside of the EEA in accordance with Article 49 GDPR
The Supplier Data that GBG uses to provide Mexico Population Check is supplied by GBG’s Data Supplier. GBG is obliged under the terms of its agreement with its Data Supplier to ensure that all End Users agree to comply with the following provisions:
1. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
1.1 The Supplier Data used to provide this element of the Service is hosted by the Data Supplier. In order to perform the Services, the Data Supplier shall act as Sub-processor of Client Information (including any Personal Data supplied) for the sole purpose of delivering this element of the Service. The End User authorises GBG to appoint the Data Supplier as Sub-Processor for the purposes specified in this clause 1.
1.2 The Data Supplier is based in Mexico which is located outside of the EEA. Where GDPR applies to the End User, the End User acknowledges that prior to submitting Client Information to GBG for processing it shall determine, and is solely liable for ensuring that it can rely on a derogation to transfer Client Information to the Sub-processor based outside of the EEA in accordance with Article 49 GDPR.
1.3 The Data Supplier has signed full GDPR terms but did not pass GBG’s full GDPR due diligence assessment and information security review as the Data Supplier is a small business so does not have documented information security policies and processes. GBG is working with the Data Supplier to implement appropriate policies.
1.4 The End User acknowledges and accepts that the Data Supplier as Sub-processor may not be able to demonstrate sufficient guarantees and appropriate technical and organisational measures which fully meet the requirements of GDPR and that it is solely responsible for any risk or liability which arises as a result of its decision to share Personal Data with the Data Supplier.