General Terms and Conditions (GTC) for the Provision of Services

Platform Terms of Use

1  Purpose and Scope

These Platform Terms of Use (the "Terms") set out the conditions under which authorised users of a client of Validato (the "Authorised Users") may access and use the Validato online platform, including any related tools, interfaces, workflows, reports and functionalities made available by Validato from time to time (the "Platform").

These Terms apply to individuals who access or use the Platform on behalf of a client organisation that has entered into a contractual relationship with Validato (the "Client"). The Client remains Validato's contractu-al counterparty.
These Terms supplement the contractual agreement between Validato and the Client, including any appli-cable order form, service agreement, framework agreement, General Terms and Conditions ("GTC") and Data Processing Agreement ("DPA"). They do not replace, amend or override the commercial terms agreed with the Client, including pricing, payment, service scope, warranty, liability, data retention, governing law or jurisdiction. Candidates who are subject to a background check are not addressees of these Terms. Information regard-ing the processing of Candidate data is provided in the applicable Candidate Privacy Notice.

2  Authorised Users and Client Responsibility

The Client is responsible for ensuring that only duly authorised personnel are granted access to the Plat-form. The Client shall ensure that all Authorised Users comply with these Terms and with any applicable contractual obligations agreed between Validato and the Client. Any access to or use of the Platform by an Authorised User shall be deemed to be access to or use of the Platform by the Client. Validato may rely on actions taken through an Authorised User account as actions taken on behalf of the Client.

3  Account Security

Each Authorised User must use individual login credentials assigned to them or otherwise approved by Validato.

Authorised Users must:

1.    keep their login credentials confidential and secure;
2.    not share login credentials with any other person, including colleagues, external advisors, service pro-viders or third parties;
3.    not allow any other person to access the Platform through their account;
4.    use appropriate care when accessing the Platform, including by using secure devices and networks;
5.    immediately notify Validato of any actual or suspected unauthorised access, loss of credentials, secu-rity incident or misuse of the Platform

The Client is responsible for promptly disabling or requesting the removal of access rights for Authorised Users who no longer require access to the Platform, including where an Authorised User changes role or leaves the Client organisation.

4  Authority to Use the Platform

Authorised Users may access and use the Platform solely for the Client's internal background check, verifi-cation, compliance, onboarding, employment, contractor or third-party screening processes, as agreed between Validato and the Client.

5  Orders, Charges and Payment

Where the Platform enables an Authorised User to start, order, submit or trigger a screening or other ser-vice, such action may constitute an order placed by the Client in accordance with the applicable contract between Validato and the Client.
The commercial consequences of any such order, including pricing, payment obligations, invoicing, cancel-lation, refunds and consequences of late payment, are governed exclusively by the applicable agreement between Validato and the Client, including the GTC or any individually agreed contract.

6  Permitted Use

Authorised Users may use the Platform only:
1.    for the Client's own internal purposes;
2.    within the scope of the services agreed between Validato and the Client;
3.    in accordance with applicable laws, including data protection, employment, labour, anti-discrimination and confidentiality laws;
4.    in accordance with these Terms and any reasonable instructions or platform guidance made available by Validato.
7    Prohibited Conduct

7  Prohibited Conduct

Authorised Users must not, and the Client must ensure that Authorised Users do not:
1.    initiate any screening without a legitimate purpose or lawful basis;
2.    use the Platform for private, unlawful, discriminatory, abusive, excessive, disproportionate or unau-thorised purposes;
3.    submit false, misleading, incomplete or outdated information;
4.    access, search, view, export, download, disclose, publish, sell, transfer or otherwise process Candi-date data, screening results or Validation Reports without a legitimate need to know or proper author-isation;
5.    share login credentials or permit access by unauthorised persons;
6.    attempt unauthorised access to the Platform, its systems, infrastructure or data;
7.    circumvent, disable, interfere with or test Platform security features without Validato's prior written approval;
8.    introduce malicious code, malware, automated scripts, bots or other harmful components;
9.    copy, scrape, crawl, monitor, reverse engineer, decompile or otherwise attempt to derive the source code, structure, algorithms or underlying technology of the Platform, except where mandatory law ex-pressly permits this;
10.    use the Platform in any way that may impair its availability, integrity, performance or security.
Authorised Users must not aggregate, benchmark, compare, analyse, export or otherwise use Platform data, Candidate data, screening results or Validation Reports for purposes unrelated to the Client's inter-nal screening process.

8  Information Security

Validato is certified according to ISO/IEC 27001 and maintains an information security management sys-tem designed to protect the confidentiality, integrity and availability of the Platform and the personal data processed within it. Authorised Users must comply with and not circumvent, disable or interfere with Validato's technical and organisational security measures.
The Client and its Authorised Users must notify Validato without undue delay of any actual or suspected unauthorised access, loss, theft or disclosure of login credentials, data breach, security incident, misuse of the Platform, or vulnerability or weakness affecting the Platform or the security of Candidate data. Notifications shall be sent to info@validato.com or to any other contact point designated by Validato.

9  Suspension and Termination of Access

Validato may suspend, restrict or terminate access to the Platform, in whole or in part, where it has rea-sonable grounds to believe that login credentials have been shared, compromised or used by an unauthor-ised person, the Platform has been used in breach of these Terms, there is a risk to the security, confiden-tiality, integrity or availability of the Platform or the data processed through it, continued access may result in a breach of law, contract or regulatory obligation, the Client's contractual relationship with Valida-to has ended or been suspended, the Client has withdrawn or failed to confirm the relevant Authorised Us-er's authorisation, or the applicable agreement with the Client otherwise permits such suspension or ter-mination. Suspension or termination of an Authorised User's access does not affect any rights or obligations of Vali-dato or the Client under their applicable agreement.

10  Intellectual Property

All intellectual property rights in and to the Platform, including its software, design, interfaces, work-flows, databases, documentation, know-how, content, trademarks and underlying technology, belong to Validato or its licensors.
The Client and its Authorised Users receive only a limited right to access and use the Platform for the Cli-ent's internal purposes and within the scope of the applicable agreement with Validato. No ownership rights, licences or other rights are transferred except as expressly set out in that agreement. Authorised Users must not copy, reproduce, modify, adapt, distribute, make available, reverse engineer or create derivative works from the Platform or its content, except where expressly permitted by Validato or by mandatory law.

11  Changes to these Terms

Validato may update these Terms from time to time, in particular to reflect changes to the Platform, legal requirements, security standards or operational processes.
Updated Terms will be made available through the Platform or by other appropriate means. The version applicable to the Client and its Authorised Users shall be determined in accordance with the applicable agreement between Validato and the Client.

12  Governing Law and Jurisdiction

These Terms are governed by Swiss law, excluding its conflict of law rules and excluding the United Nations Convention on Contracts for the International Sale of Goods.
To the extent legally permissible, the courts at the registered office of Validato Ltd. in Zurich, Switzerland, shall have exclusive jurisdiction.
Where an individually agreed contract between Validato and the Client provides for a different governing law or jurisdiction, such individually agreed provisions shall prevail.

 

June, 2026