Terms & Conditions

Effective from September 2018

  1. Introduction

    1. These Terms and Conditions (the “Terms”) govern the supply of compliance and due diligence Software and Services from CDD Management Services Ltd (hereafter CMS and/or “we/us/our”) to you, our Client. To be a Client of CMS you need to be a legal entity within the UK, EU or EEA.
    2. If you have separate Master Services Agreement (MSA) with CMS, these Terms and Conditions should be read alongside your MSA. In the event of any contradiction between these Terms and your MSA, the Terms of your MSA will apply.
  2. Definitions

    1. “Applicant” is the natural person or legal entity who is the subject of our Service.
    2. “Annual Subscription” is the cost of the Annual Software Licence.
    3. “Annual Software Licence” covers the software components supplied by CMS. The Annual Software Licence Period starts when payment for the Annual Subscription is received and expires 12 months later.
    4. “Certificate” is documentary evidence available to you and the Applicant once our compliance and due diligence Service has completed for that Applicant.
    5. “Charges” are the fees you incur for the use of our Services. These Charges are paid for through the expenditure of Credits.
    6. “Client” is you, the legal entity who is contracting via the Annual Subscription to purchase an Annual Software Licence and open a Client Account for the purposes of buying Credits to purchase our Services.
    7. “Client Account” the ledger of Annual Subscriptions, Credits and Charges paid by you for the use of our Services.
    8. “Credits” are how you pay the Charges for our Services. Credits are a commitment by you to buy a volume of our Services within the Annual Software Licence period. Buying Credits in volume allows us to offer discounts based on the number of Credits purchased.
    9. “Intellectual property rights” means patents, inventions (whether patentable or not), trademarks, copyrights, service marks, logos, trade names, domain names, database rights, design rights, rights in know-how, confidential information, trade secrets, moral rights and any other intellectual property or proprietary rights (including rights in computer software), in each case whether registered or unregistered.
    10. “Jurisdiction of Operation” defines the Services available and the Control Standards applied.
    11. “Service” means the activities we perform and/or sub-contract to meet the compliance and due diligence Control Standards associated with a Service. You can view the Control Standards which support each Service within the Spotlite Settings Menu.
    12. “Service Pack” is a collection of Services within Spotlite that are available across different Jurisdictions of Operation and Lines of Business.
    13. “Spotlite” is the name of the propriety Software developed by CDD Services Ltd and licenced to CMS to support our management services.
    14. “Software” means Spotlite and all other software programs distributed, published or otherwise made available by CMS and its affiliates, including any updates or upgrades.
    15. “User” is the natural person who accesses one or more software components.
  3. Accounts, Subscriptions, Credits and Refunds

    1. When you register with CMS you will be asked to pay an Annual Subscription to purchase an Annual Software Licence and open a Client Account. You will also have the option to purchase additional Credits and add a donation to the charities we support.
    2. Before paying for your Annual Subscription, you will be asked to agree to these Terms and Conditions. Once your registration has been confirmed, you will have entered into a contractual relationship with CMS. The term of the contract will finish when your Client Account is closed. You may terminate your Client Account at any time.
    3. You will not be able to start using Spotlite until we have received payment from you and we have completed our own due diligence checks.
    4. The due diligence we conduct is to ensure that you are a valid business entity, registered with the Information Commissioners Office (ICO) and with a legitimate interest in accessing sensitive applicant information. While you can start screening immediately and your applicants will be able to access their information on the Applicant Portal, you will not have access to their Certificates until you have registered with the ICO and our due diligence checks are complete. We normally complete our due diligence checks within one working day.
    5. The last stage of our due diligence is to send our Letter of Engagement to you at the Registered Address of your business. This letter will contain the security details you need to be able to access the Client Portal, your applicant certificates and maintain other aspects of your account. You will find the Log In to the Client Portal on the CDD Management Services website.
    6. Your Annual Subscription determines the Software components available to you according to the details published on our website at the time of purchase. These details are sent to you by email, contained in our Letter of Engagement and can be seen within your Client Portal.
    7. Once you have access to the Client Portal, you will be able to add users according to the terms of your subscription and assign Service Packs to users according to your needs.
    8. The Client Portal allows you to purchase additional Credits. Discounts are applied depending on the amount of Credits you purchase. You will also be able to allocate your ‘credit budget’ between Service Packs i.e. you may have a customer on-boarding budget and an HR employee screening budget.
    9. Whilst your Client Account is open and unless you provide confirmation that you wish to terminate your account prior to the renewal date, the Annual Subscription will be renewed automatically upon the anniversary of the account. Unused Credits rollover from one Annual Software Licence period to another.
    10. If at any time it is found that you have breached any of these Terms or we suspect you or your Users are abusing our services for criminal intent, any wrongdoing or any other conduct we deem inappropriate, we may terminate your Client Account. In the event of termination under these circumstances you may be prevented from using the Software immediately.
    11. In the event of your Annual Subscription expiring or on termination of your Client Account for whatever reason, the remaining Annual Subscription and any unspent Credits are not refundable.
  4. Client Account Users

    1. If you are the administrator of a Client Account, you may create, amend or remove User accounts according to the commercial terms of your Annual Subscription.
    2. We will require some personal data about your users to validate their User accounts, including their name, a facial photo, Photo ID, mobile number and email. We also perform security checks with third parties and monitor usage to ensure Users are not misusing your account or abusing our services. You must obtain informed consent from your Users before registering their details with us. For more information see our Client and User Privacy Policy.
    3. You are accountable for the activities of all Users registered within your Client Account.
  5. Services and Charges

    1. Services are made available to your Users via Service Packs. Services and Service Packs maybe pre-configured by us or maybe customised by you depending on the terms of your Annual Subscription.
    2. Charges are applied to your Client Account when one of your Users initiates a Service. If the User cancels the Service part way through the process, you will only be charged for the Control Standards applied up to the point of cancellation. A summary of User’s activity and the Charges incurred are included within the Client Account.
    3. We may issue an Interim Certificate if for some reason the completion of the Service is protracted, i.e. due to a manual process awaiting a response from a Third Party. The full cost is only charged at the end of the Service and after we have sent the final Certificate.
    4. Unless otherwise stated, we only retain copies of the Certificate for you to download for 30 days from the end of the Service. Once the Certificate has been removed from our systems we only retain Third Party references as an audit trail for both you and the third parties concerned. You can access copies of the Certificates while they are available via your Client Account.
    5. We reserve the right to revise our Charges from time to time. We will notify you of any revision of our charges one calendar month before they are set to be implemented.
  6. Data Protection

    1. In order to accept these Terms, you must agree to our Privacy Policies for your Users and your Applicants where these Applicants are natural persons. As part of these policies, you agree that both the Client and CMS will be joint data controllers within the terms of GDPR and the privacy policy regulations within the Jurisdiction of Operation. You determine the purpose of processing by selecting the Service you wish to carry out. We determine the means of processing by applying the Control Standards associated with the Service.
    2. Your responsibilities as joint data controller include: -
      1. You agree that your usage of the Software and Services will not contravene the privacy and data protection law and regulations within the Jurisdiction of Operation and will register your details and Data Controller information with the local Data Protection Authority in the relevant EU Member State(s) or similar authorities in other Jurisdictions of Operation.
      2. You must only use our Software and Services to process personal data from an Applicant where there is a valid legal basis to do so and in accordance with these Terms.
      3. It is your responsibility to obtain informed consent from the Applicant. You must not scan identification documents or take a facial photo of an Applicant if they have not provided informed consent according to the jurisdiction’s Data Protection Regulation and our Applicant Privacy Policy.
      4. In the event of the Applicant refusing consent, you must provide alternative means of processing. You are responsible for creating and maintaining the alternative means and audit trail for each individual data subject who has refused consent.
      5. You must implement appropriate technical and organisational measures to ensure an adequate level of security in accordance with the relevant Data Protection Regulation for the Jurisdiction of Operation.
      6. You are solely liable for any data breaches of your security systems.
      7. You must inform the Applicant of how long you will store their personal data.
    3. In accordance with our Applicant Privacy Policy of full disclosure, where an Applicant is a natural person, we will inform the Applicant, as the data subject, of their rights in respect to their personal data and will provide a copy of the Applicant Certificate to them so that they may challenge any of the results found.
    4. The Certificate will contain the results of the Control Standards applied to the Service. The Certificate will also contain the contact details of the relevant Third Parties who acted as Data or Service Providers to perform those Control Standards. If an applicant wishes to challenge the accuracy of the Third Party data they will be able to contact the Third Party directly in accordance with the data protection laws of the Jurisdiction of Operation.
    5. Where the Applicant exercises their rights in respect of their personal data, CMS will cooperate with their reasonable request and comply with our legal obligations according to the Data Protection Regulation of the Jurisdiction of Operation.
    6. You are responsible for the security of all confidential information contained on the Applicant Certificate once this is sent to you and our Service is complete.
  7. Your Content

    1. You will retain all intellectual property rights to the content you input, submit and send through our Software and Services. You agree to grant CMS a perpetual, irrevocable, worldwide, non-exclusive and royalty-free license to analyse, reproduce, adapt, modify and translate the content you submit for the purposes of conducting Control Standard checks for the Service requested by your User or to report to the authorities suspicious or unusual behaviour that may indicate criminal activity or any other wrongdoing.
    2. In addition, you agree that these Terms and Conditions include the right to make this content available to our Third Party suppliers to perform, either automatically or manually, the Control Standard checks for the Service requested by you. These Third Party suppliers may be outside of the jurisdiction of the UK, EU or EEA. You therefore agree for your content to be used outside of your jurisdiction or the Jurisdiction of Operation.
    3. Unless otherwise stated, we store your data and your Applicant’s data on Microsoft Azure Cloud Service Platforms physically located in the UK.
  8. Our Licensing of Software and Services

    We grant you a worldwide, non-assignable, non-exclusive, revocable and non-sublicensable license to use our Software and Services for the period of the Annual Software Licence, under these conditions:

    1. You may only use the licensed Software and Services for the purposes permitted by Service Pack you have selected.
    2. You acknowledge that CMS, its parent CDD Services Ltd and its Third Party suppliers, own all intellectual property rights that subsist within the Software and Services.
    3. You must not copy, reproduce, incorporate, issue to the public, store, adapt, modify, transmit, decompile, reverse engineer, distribute or create any derivative work from the Software other than permitted in these Terms.
  9. Third Party Data Providers and Service Providers

    1. To support our Service Control Standards, we use a number of Third Party Data Providers and Service Providers across the globe. Some of these checks are automatic data provision; some are manual processes. Each supplier has their own terms and conditions in respect to the use of the data they provide. Where relevant, according to the Service your User selects, you agree to and comply with the provisions laid out in the Third Party’s’ End User Terms and Conditions.
    2. Where such Third Party Terms and Conditions exist, these are notified to you as part of the support information relating to a Service’s Control Standard. You will find this information in your Client Account under Services and Control Standards, and in the Spotlite app in Your Settings under the heading ‘Control Standards for [the Service in question]’. In addition, this information is also available to the User and Applicant at the start of the screening process within the ‘View Control Standards’ button displayed as part of the Privacy Policy link within the Spotlite app.
    3. In most cases Third Party charges are incorporated within our Service Charges. The exception to this is if you already have an account with the Third Party concerned. In such circumstances, an agreement may be required between you and the Third Party so that they will allow us to act as your agent and access their services on your behalf. These arrangements are outside of these Terms, however, in such circumstances, we will adjust our Charges accordingly.
  10. Other General Terms of Use

    1. You agree not to provide inaccurate, misleading or false information, or attempt to engage in impersonation, fraudulent or unlawful activity during your usage of our Software and Services. If we detect suspicious activity, we will report our suspicions to the relevant authorities within the jurisdiction concerned and may immediately suspend your Client Account.
    2. You agree not to attempt or engage in activity to circumvent our security system or attempt to access the business rules, configurations, source software or compiled code.
    3. You are responsible for your own data usage costs arising from the Software. We recommend that you connect to a Wi-Fi network when using the mobile applications.
    4. You must ensure that User IDs and passwords are kept confidential. You are responsible for your account and its activity. If you discover your account has been used without your authorisation, or hacked, you must notify us immediately so we can suspend the User account to avoid further misuse.
    5. You acknowledge that CMS does not provide back-up or storage services and that you are responsible for backing-up and storing any information you may need for your records in line with the Jurisdiction of Operation.
    6. You agree to not upload content which contains software viruses or any other computer code, files or programs which aim to interrupt, destroy or limit the functionality of any computer software, hardware or telecommunications equipment. In the event that you do, then you will indemnify us against any losses we suffer as a result of your conduct.
    7. You acknowledge that there may be occasions where access to the Software may be unavailable or interrupted due to the conducting of updates or maintenance, or the lack of Wi-Fi access or data coverage.
  11. Disclaimers

    CMS provides Software and Services on an “as is” and “as available” basis and to the extent permitted by law, grants no warranties of any kind, whether express, implied or otherwise, with respect to the application, including but not limited to, any implied warranties of satisfactory quality, merchantability, fitness for a particular purpose or non-infringement. Whilst CMS attempts to provide our best customer service, we do not warrant nor represent that:

    1. The Software and Service will be uninterrupted, secure or error free;
    2. Any defects or errors in the Software or Service will be corrected, or;
    3. Any of the content or information you obtain on or through the Software or Service will be accurate.
  12. Limitations and exclusions of liability

    1. Under no circumstances shall CMS have any liability to the Client, Applicant or any other person or entity for any indirect, special incidental or consequential damages of any description, whether arising out of warranty or other contract, tort, or otherwise, including without limitation, lost goodwill, loss of investment, loss of data or other losses.
    2. CMS will not be liable for the quality of the data provided by third parties. We are simply reporting to you what we have found for the Applicant from the Third Party source. The degree of reliance you place on Software and Services and the Third Party data and services provided remains solely your decision and accountability.
  13. Indemnity

    You agree, to the extent permitted by law, to indemnify, defend, and hold CMS and our affiliates, directors, officers, employees, licensors and agents harmless, from and against any and all complaints, charges, claims, damages, losses, costs, liabilities and expenses (including legal fees) due to, arising out of, or in connection in any way to:

    1. Any breach of our Terms by you;
    2. Any negligent acts or omissions committed by you;
    3. Your access to or use of the Software and Services;
    4. Your violation of any law or of any rights of any Third Party.
  14. Severability

    If any provision of these Terms and Conditions is found to be illegal or otherwise unenforceable, then that provision will be severed from these Terms and Conditions and will not affect the validity and enforceability of any remaining provisions.

  15. Waiver

    Our failure to exercise or enforce any of our rights in these Terms and Conditions does not waive our right to enforce such right.

  16. Assignment

    We may transfer, subcontract or otherwise deal with our rights or responsibilities under these Terms and Conditions to someone else without obtaining your consent. You may NOT transfer, subcontract or otherwise deal with our rights and/or obligation under these Terms and Conditions unless we agree to this in writing.

  17. Entire agreement

    These Terms and Conditions and the Privacy Policy constitute the entire agreement between you and CMS and supersede any prior agreements or negotiations you may have had with CMS.

  18. Changes to these Terms

    We reserve the right to update or amend these Terms and Conditions from time to time. We will notify you when an updated version of these Terms and Conditions becomes available. If you do not agree to the updated Terms and Conditions, you must cease using our Software and Services.

  19. Law and jurisdiction

    The agreement between you and CMS will be governed by the laws of England and Wales and English courts will have exclusive jurisdiction in the event of a potential dispute.

  20. Our details

    CDD Management Services Limited

    Company Registration number: 5164842

    2 Mount Street,
    M2 5WQ


    Look Further, Search Deeper

Contact Us