1. Parties and acceptance

These Terms of Service (“Terms”) govern access to and use of Lumiuz, a software-as-a-service employee background screening platform provided by Cordint Ltd, a company incorporated in England and Wales under company number 09579776 (“Cordint”, “we”, “us” or “our”).
These Terms apply between Cordint and the customer entity identified in an order form, proposal, statement of work, online subscription flow, or other ordering document that references these Terms (“Customer”).
By signing an Order Form, clicking acceptance, or accessing or using the Service, Customer agrees to be bound by these Terms. If an individual accepts these Terms on behalf of Customer, that individual represents and warrants that they have authority to bind Customer.

2. Definitions

“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a party.
“Applicable Data Protection Law” means all laws and regulations applicable to the processing of personal data under these Terms, including the UK GDPR, the Data Protection Act 2018, the EU GDPR where applicable, the Privacy and Electronic Communications Regulations 2003, and any implementing or related legislation, as amended or replaced from time to time.
“Authorised User” means an employee, contractor, or other individual authorised by Customer to access and use the Service on Customer’s behalf.
“Candidate Data” means personal data and related information relating to job applicants, workers, directors, contractors, referees, or other screened individuals submitted to, or collected through, the Service.
“Order Form” means the ordering document that sets out the subscription, fees, term, usage limits, and any service-specific details.
“Service” means the Lumiuz hosted software platform, associated portals, APIs, documentation, and related support services made available by Cordint under these Terms.
“Subprocessor” means a third party engaged by Cordint to process personal data on behalf of Customer in connection with the Service.

3. The Service and scope

Lumiuz is a configurable workflow and case-management platform for employee background screening, identity verification workflows, document collection, customer-configured screening packages, reporting, integrations, audit trails, and associated administrative functions.
Cordint may provide onboarding, implementation, training, support, and professional services if specified in an Order Form or statement of work.
The Service is a business-to-business offering. It is not directed to consumers or intended for personal, family, or household use.

4. Access and use of the Service

Subject to Customer’s compliance with these Terms and payment of applicable fees, Cordint grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to access and use the Service for Customer’s internal business purposes in connection with lawful employment screening and related onboarding activities.
Customer is responsible for: (a) all activity under its accounts; (b) maintaining the confidentiality of login credentials; (c) ensuring Authorised Users access the Service only on a need-to-know basis; (d) configuring and using the Service in compliance with law; and (e) obtaining all notices, consents, authorisations, and screening permissions required for Customer’s use case.
Customer must not, and must not permit any third party to: (a) resell, rent, lease, or timeshare the Service except as expressly authorised; (b) reverse engineer, decompile, disassemble, or attempt to derive source code except to the extent such restriction is prohibited by law; (c) use the Service to store or transmit unlawful, infringing, or malicious code; (d) circumvent usage limits or security controls; (e) conduct penetration testing without Cordint’s prior written approval; or (f) use the Service in a way that violates employment, anti-discrimination, human rights, consumer, or data protection law.
Customer acknowledges that screening decisions, suitability assessments, and hiring outcomes remain solely Customer’s responsibility. Cordint does not make employment decisions on Customer’s behalf unless expressly agreed in writing for a specific managed service scope.

5. Lumiuz responsibilities

Cordint will provide the Service materially in accordance with its documentation and the applicable Order Form.
Cordint will use reasonable skill and care in performing the Service and any professional services.
Cordint will implement and maintain appropriate technical and organisational measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
Cordint will provide standard support during the support hours and through the support channels described in the Order Form or support policy, if any.
Cordint may update, enhance, or modify the Service from time to time, provided such changes do not materially reduce the core functionality purchased by Customer during the then-current Subscription Term.
Cordint may suspend access to the Service immediately where necessary to address a security risk, prevent harm, comply with law, or respond to non-payment or material breach. Where practicable, Cordint will give Customer notice and work to restore access promptly.

6. Fees and payment

Customer shall pay the fees set out in the applicable Order Form or Pricing Plan. Except as expressly stated otherwise, fees are stated exclusive of VAT and other applicable taxes, which Customer shall pay in addition where chargeable.
Unless the Order Form states otherwise, invoices are due within 30 days from the invoice date. Overdue undisputed amounts may accrue interest at the rate permitted by the Late Payment of Commercial Debts (Interest) Act 1998.
Fees are non-cancellable and non-refundable except where these Terms expressly provide otherwise.
Cordint may suspend access to the Service for overdue amounts after giving reasonable notice and an opportunity to cure, provided Cordint will not suspend the Service while Customer is actively and reasonably disputing charges in good faith.
Where usage-based, pass-through, or third-party check fees apply, Customer shall pay such amounts as specified in the Order Form or selected Pricing Plan.

7. Confidentiality

Each party (the “Receiving Party”) shall keep confidential and not disclose any non-public information disclosed by the other party (the “Disclosing Party”) that is identified as confidential or that should reasonably be understood to be confidential given its nature and the circumstances of disclosure, including business plans, pricing, security information, product roadmaps, Customer Data, and technical information (“Confidential Information”).
The Receiving Party shall use the Disclosing Party’s Confidential Information only as necessary to exercise its rights and perform its obligations under these Terms and shall protect it using at least reasonable care, and no less than the care it uses to protect its own confidential information of a similar nature.
Confidential Information does not include information that the Receiving Party can demonstrate: (a) is or becomes public through no breach of these Terms; (b) was lawfully known to the Receiving Party without confidentiality obligation before disclosure; (c) is lawfully received from a third party without restriction; or (d) is independently developed without use of the Disclosing Party’s Confidential Information.
A Receiving Party may disclose Confidential Information where required by law, regulation, court order, or competent authority, provided it gives prior notice where legally permitted and reasonably cooperates with efforts to limit the disclosure

8. Data protection and GDPR

The parties acknowledge that, in relation to Candidate Data and other personal data processed by Cordint through the Service on Customer’s behalf, Customer is normally the controller and Cordint is the processor, unless the parties expressly agree otherwise for a specific processing activity.
Customer instructs Cordint to process personal data as necessary to provide, secure, support, and improve the Service, in accordance with these Terms, the applicable Order Form, Customer’s documented instructions, and Applicable Data Protection Law.
Customer warrants that it has a valid legal basis for the collection, use, disclosure, and other processing of personal data submitted to the Service, including any additional conditions required for criminal offence data, special category data, identity documents, or background check results.
Cordint shall: (a) process personal data only based on instructions from Customer unless required otherwise by law; (b) ensure persons authorised to process personal data are subject to confidentiality obligations; (c) implement appropriate technical and organisational measures; (d) assist Customer, taking into account the nature of the processing, with responding to data subject requests and meeting its obligations regarding security, breach notification, DPIAs, and prior consultation where required; (e) notify Customer without undue delay after becoming aware of a personal data breach affecting Customer Data; (f) delete or return personal data at the end of the provision of services, unless law requires retention; and (g) make available information reasonably necessary to demonstrate compliance with this clause.
Customer authorises Cordint to use Subprocessors provided that Cordint remains responsible for their performance of data protection obligations and maintains an up-to-date subprocessor mechanism or list available to Customer upon request or through the Service documentation.
Without limiting the generality of the foregoing, Customer acknowledges and authorises the use of the following third-party processors and screening partners in connection with the Service where configured by Customer or required for the relevant screening workflow: (a) Veriff, for automated identity verification and address verification services; and (b) Disclosure and Barring Service (DBS). Cordint may add, replace, or remove subprocessors from time to time, provided Cordint remains responsible for their performance to the extent required under Applicable Data Protection Law and maintains appropriate contractual and compliance safeguards.
Where Cordint transfers personal data outside the United Kingdom, the EEA, or another jurisdiction requiring transfer safeguards, Cordint will implement an appropriate transfer mechanism recognised under Applicable Data Protection Law.
If the parties need more detailed controller-processor terms, they shall enter into a separate data processing agreement or addendum, and if there is any conflict between such document and these Terms on data protection matters, the data processing agreement or addendum will prevail to the extent of the conflict.

9. Security and compliance cooperation

Cordint will maintain a written information security program appropriate to the nature of the Service and the risks presented by the processing, including measures relating to access control, encryption or equivalent safeguards, system monitoring, incident response, backup, and business continuity, as appropriate.
Customer is responsible for its own environment, endpoint security, identity and access management, and the security of data and systems outside the Service.
Upon reasonable request, Cordint may provide Customer with summaries of relevant security documentation, third-party assurance materials, or responses to reasonable security questionnaires, subject to confidentiality and proportionality.

10. Intellectual property

Cordint and its licensors retain all right, title, and interest in and to the Service, documentation, software, interfaces, templates, workflows, analytics, know-how, and all related intellectual property rights.
Customer retains all right, title, and interest in and to Customer Data.
Customer grants Cordint a non-exclusive right to host, copy, transmit, display, and otherwise process Customer Data as necessary to provide, secure, support, and improve the Service and to comply with law.
Cordint may generate and use aggregated and de-identified usage, telemetry, and service performance data for lawful business purposes, provided such data does not identify Customer, any Candidate, or any individual.

11. Warranties

Each party warrants that it has the power and authority to enter into these Terms.
Cordint warrants that during the Subscription Term the Service will perform in all material respects in accordance with the documentation under normal authorised use.
Customer warrants that it will use the Service only for lawful purposes and that all data, instructions, and materials it provides to Cordint may be lawfully processed by Cordint for the purposes contemplated by these Terms.

12. Disclaimer

Except as expressly provided in these Terms, the Service and all related services are provided “as is” and “as available”. To the maximum extent permitted by law, Cordint disclaims all other warranties, conditions, and representations, whether express, implied, statutory, or otherwise, including any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, accuracy, or uninterrupted availability.
Cordint does not warrant that the Service will be error-free or uninterrupted at all times, or that third-party data sources, screening providers, sanctions databases, government services, or identity verification services will always be available, complete, or accurate.
Customer acknowledges that background screening outcomes may depend on third-party records, candidate submissions, government agencies, and external data providers, and Cordint is not responsible for inaccuracies in source records outside its reasonable control.

13. Mutual indemnification

Cordint will defend Customer against any third-party claim alleging that Customer’s authorised use of the Service infringes that third party’s UK or EU intellectual property rights, and will indemnify Customer against damages, costs, and expenses finally awarded or agreed in settlement, provided Customer: (a) promptly notifies Cordint; (b) gives Cordint sole control of the defence and settlement; and (c) provides reasonable cooperation.
Cordint will have no liability under this clause to the extent a claim arises from: (a) Customer Data; (b) Customer instructions; (c) combinations with products or services not provided by Cordint; (d) unauthorised modifications; or (e) use of the Service in breach of these Terms.
If the Service becomes, or Cordint reasonably believes it may become, subject to an infringement claim, Cordint may: (a) procure the right for Customer to continue using the Service; (b) modify the Service so it becomes non-infringing without materially reducing functionality; or (c) terminate the affected Service on written notice and refund prepaid fees for the terminated portion of the remaining Subscription Term.
Customer will defend, indemnify, and hold harmless Cordint from and against third-party claims, losses, damages, liabilities, and reasonable costs arising from: (a) Customer Data; (b) Customer’s breach of these Terms or Applicable Data Protection Law; (c) Customer’s failure to obtain required notices, consents, permits, or screening authorisations; or (d) Customer’s employment, screening, or adjudication decisions.

14. Limitation of liability

Nothing in these Terms limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, breach of confidentiality, infringement of the other party’s intellectual property rights, Customer’s payment obligations, or any liability that cannot be limited or excluded by law.
Subject to the previous paragraph, neither party will be liable to the other for any indirect, incidental, special, punitive, or consequential loss, or for any loss of profits, revenue, business, goodwill, anticipated savings, or data, in each case whether direct or indirect, arising out of or in connection with these Terms.
Subject to the first paragraph of this clause, each party’s aggregate liability arising out of or in connection with these Terms shall not exceed the total fees paid or payable by Customer under the applicable Order Form in the twelve months preceding the event giving rise to the claim.
The limitations in this clause apply whether the claim is in contract, tort (including negligence), breach of statutory duty, misrepresentation, restitution, or otherwise.

15. Term and termination

These Terms start on the Effective Date of the first Order Form and continue for the subscription term set out in the Order Form (the “Subscription Term”). Unless otherwise stated in the Order Form, subscriptions renew automatically for successive renewal terms equal to the initial term, unless either party gives at least 30 days’ written notice before the end of the current term.
Either party may terminate these Terms or an affected Order Form immediately on written notice if the other party materially breaches these Terms and fails to cure the breach within 30 days after written notice, or if the other party becomes insolvent, enters administration or liquidation, ceases to trade, or suffers an analogous event.
Cordint may terminate or suspend the Service immediately if required by law, if Customer’s use creates a material security risk, or if Customer repeatedly or materially breaches the acceptable use or payment provisions.
Upon expiry or termination: (a) Customer’s right to access and use the Service ends; (b) each party shall return or destroy the other’s Confidential Information on request, subject to legal retention obligations; (c) Customer shall pay any outstanding undisputed fees; and (d) Cordint shall delete or return Customer Data in accordance with the agreed data retention and exit process, subject to Applicable Data Protection Law and backup retention cycles.
Clauses which by their nature are intended to survive termination shall survive, including clauses relating to fees, confidentiality, data protection, intellectual property, disclaimers, indemnities, liability limits, and governing law.

16. Audit, records, and cooperation

Customer will maintain records demonstrating that it has an appropriate legal basis and required notices for screening activities carried out through the Service.
Where reasonably necessary to verify Cordint’s compliance with its processor obligations, and not more than once annually unless required by law or following a security incident, Customer may request audit information or a mutually agreed audit, subject to reasonable notice, confidentiality, security restrictions, and reimbursement of Cordint’s reasonable costs where appropriate.

17. General

Cordint may identify Customer by name and logo in its customer lists and marketing materials unless Customer objects in writing.
Neither party may assign these Terms without the other party’s prior written consent, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee is not a competitor of the other party and agrees in writing to be bound by these Terms.
No failure or delay by either party to exercise any right under these Terms shall operate as a waiver.
If any provision is held invalid or unenforceable, the remaining provisions will remain in full force and effect.
These Terms, together with each Order Form and any incorporated data processing agreement, form the entire agreement between the parties regarding the subject matter and supersede prior discussions and understandings.
These Terms are governed by the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction, unless the applicable Order Form states otherwise.