General Terms and Conditions
As of: 2026-05-06
General Terms and Conditions for the Cybersecurity Consulting Service
Version: 6 May 2026 (v1.3 - Small-business regulation under Sec. 19 UStG)
Note: This English version is a non-binding translation provided for information purposes only. In the event of any discrepancy or dispute, the German version (https://certmap.de/agb) shall prevail.
Sec. 1 Scope of Application, Definitions
(1) These General Terms and Conditions (hereinafter "GTC") apply to all contracts for the paid 1:1 cybersecurity consulting service (hereinafter "Consulting Service") concluded between Daniel Thomas Heessel, Ober-Saulheimer Str. 15, 55291 Saulheim, Germany (hereinafter the "Provider" or "Daniel Heessel") and the customer via the CertMap platform (https://certmap.de).
(2) The platform tools available free of charge and without registration on CertMap, in particular "Quadrant", "Career Path", "Portfolio" and "Job Analyzer", are not subject to these GTC. The use of these tools is governed exclusively by the privacy policy at https://certmap.de/datenschutz.
(3) A consumer within the meaning of these GTC is any natural person who concludes a legal transaction for purposes which can predominantly be attributed neither to their commercial nor their independent professional activity (Sec. 13 BGB). An entrepreneur within the meaning of these GTC is a natural or legal person or a partnership with legal capacity who, when concluding a legal transaction, acts in the exercise of their commercial or independent professional activity (Sec. 14 BGB).
(4) Deviating, conflicting or supplementary general terms and conditions of the customer shall only become part of the contract if and to the extent that the Provider has expressly agreed to their validity in writing. This requirement of consent applies in any case, for example also if the Provider, being aware of the customer's general terms and conditions, performs the Consulting Service for the customer without reservation.
Sec. 2 Contractual Partner, Contact Details
(1) The customer's contractual partner is:
Daniel Thomas Heessel Ober-Saulheimer Str. 15 55291 Saulheim Germany
Email: kontakt@certmap.de
(2) Further information about the Provider can be found in the legal notice at https://certmap.de/impressum.
Sec. 3 Conclusion of Contract
(1) The presentation of the consulting packages on the CertMap platform does not constitute a legally binding offer but a non-binding invitation to the customer to submit an offer (invitatio ad offerendum).
(2) The booking process comprises the following steps:
a) selection of a consulting package, b) selection of an appointment via the embedded Cal.com booking tool, c) entry of contact details, d) redirection to the Stripe checkout page and entry of payment data, e) display of an order summary with the mandatory information pursuant to Sec. 312j(2) BGB in conjunction with Art. 246a EGBGB (in particular essential characteristics of the service, total price, identity of the Provider), f) submission of the binding offer by clicking the "order with obligation to pay" ("zahlungspflichtig bestellen") button (Sec. 312j(3) BGB).
(3) The contract is concluded once the Stripe payment has been successfully authorised and the Provider has sent the customer a booking confirmation by email.
(4) The Provider shall confirm receipt of the order and the conclusion of the contract without undue delay after conclusion of the contract in text form by email (Sec. 312f BGB). This confirmation contains the contractual provisions including these GTC as well as the cancellation policy and the model withdrawal form (see Annex A and B).
(5) The contract text is stored by the Provider in electronic form. The GTC can be retrieved and printed by the customer at any time at https://certmap.de/agb. Beyond this, no storage of the contract text with access via a customer account takes place, as CertMap does not require a customer account for the booking of the Consulting Service.
(6) The contract language is German. An English translation of these GTC is provided for information purposes; in the event of a conflict or interpretation issue, the German version shall prevail.
Sec. 4 Scope of Services
(1) The Provider shall render a 60-minute online consultation on cybersecurity career and certification topics via a video conferencing tool, the access link to which shall be communicated to the customer with the booking confirmation.
(2) The Consulting Service comprises:
a) structured preparation based on a pre-call questionnaire to be completed by the customer prior to the appointment, b) the 60-minute live consultation via video conference, c) follow-up in the form of a written PDF protocol containing the essential recommendations, to be delivered by email within seven business days after the appointment.
(3) The Provider offers three thematic packages. The exact scope of services and the respective end price will be displayed to the customer prior to the binding order in the Stripe checkout and in the order summary.
(4) The consultation is provider-independent. The Provider does not recommend any certification for the placement of which he receives a commission or other remuneration from third parties. The Provider does not receive remuneration from certification bodies, training providers or recruitment agencies for recommending specific programmes.
(5) The Consulting Service is a recommendation and orientation service in the nature of a service contract (Sec. 611 et seq. BGB). It does not owe a specific outcome, in particular no successful certification examination, no job change and no salary increase.
(6) The Consulting Service expressly does not include:
a) legal advice within the meaning of the German Legal Services Act (RDG), b) tax advice within the meaning of the German Tax Consultancy Act (StBerG), c) investment advice or asset management, d) medical, psychotherapeutic or psychological advice.
If topics with legal, tax, financial or health-related relevance are addressed during the consultation, the Provider will inform the customer of the need to consult an appropriately qualified professional (e.g. lawyer, tax advisor, doctor). The Provider does not render any advisory service in this respect and assumes no liability for any corresponding statements.
(7) The Provider notes that the cybersecurity certification landscape is subject to constant dynamics. The consultation reflects the state of knowledge at the time of the appointment. Continuous monitoring of changes to examination rules after completion of the consultation is not owed.
Sec. 5 Prices and Payment
(1) The end prices displayed in the Stripe checkout at the time of order shall apply. The prices are end prices including all price components.
The Provider is a small business within the meaning of Sec. 19 of the German VAT Act (UStG). Due to this status, no value added tax is shown in the end prices and, pursuant to Sec. 19(1) UStG, no value added tax is charged.
(2) Payment is processed exclusively via the payment service provider Stripe (Stripe Payments Europe Ltd., Ireland, and Stripe, Inc., USA). The entry and storage of payment data take place directly with Stripe. The Provider neither receives nor stores complete payment data (in particular no complete credit card numbers or SEPA mandate data).
(3) The remuneration is due immediately upon conclusion of the contract and is collected in full in the Stripe checkout.
(4) An invoice will be sent to the customer in text form by email after conclusion of the contract.
Sec. 6 Right of Withdrawal for Consumers
(1) Consumers have a statutory right of withdrawal pursuant to Sec. 355 et seq. BGB. The cancellation policy in Annex A of these GTC informs about the requirements and consequences of the right of withdrawal.
(2) The model withdrawal form is reproduced in Annex B of these GTC.
(3) Premature expiry of the right of withdrawal (Sec. 356(4) BGB): In the case of a contract for the provision of services, the consumer's right of withdrawal expires if the Provider has fully performed the service and only began performing the service after the consumer expressly consented thereto and at the same time confirmed knowledge that they would lose their right of withdrawal upon full performance of the contract by the Provider.
(4) During the booking process, the consumer has the option, by means of a separate, non-pre-ticked checkbox, to
a) expressly consent to the commencement of performance of the Consulting Service before expiry of the withdrawal period, and b) confirm knowledge that they will lose their right of withdrawal upon full performance of the contract.
If the consumer does not give such consent, the Provider shall commence performance of the Consulting Service only after expiry of the 14-day withdrawal period; an appointment scheduled before expiry of this period shall in such case be rescheduled by mutual agreement to a date after expiry of the period.
(5) If the right of withdrawal is exercised after the consumer has given the express consent under paragraph 4 and has partially used the Consulting Service, the consumer shall pay the Provider a reasonable amount corresponding to the proportion of the services already provided up to the time of withdrawal compared to the total scope of the services contractually agreed (Sec. 357a(2) BGB).
Sec. 7 Performance of Services and Customer Cooperation
(1) The consulting appointment is arranged via the Provider's Cal.com booking tool. The Provider shall communicate to the customer the access details for the video conferencing tool together with the booking confirmation.
(2) The customer may reschedule the appointment free of charge at the latest 24 hours before the agreed start time via the reschedule link contained in the booking confirmation. Later rescheduling is only possible after prior consultation with the Provider and subject to the Provider's consent.
(3) If the customer does not appear at the agreed appointment (no-show) or cancels the appointment less than 24 hours before the start time, the Provider shall retain the full remuneration claim (Sec. 615 BGB). This lump-sum approach reflects that the Provider has reserved the appointment, performed the preparation based on the pre-call questionnaire and could not accept alternative engagements. The customer reserves the right to prove that the Provider incurred substantially less or no damage; in such case the remuneration claim is reduced accordingly. The consumer's right of withdrawal under Sec. 6 of these GTC remains unaffected to the extent it has not expired pursuant to Sec. 356(4) BGB.
(4) The customer is responsible for fulfilling the following cooperation obligations:
a) provision of a stable internet connection with sufficient bandwidth, b) provision of a functioning microphone and (if required by the selected package) a functioning camera, c) complete and truthful answering of the pre-call questionnaire at the latest 24 hours before the appointment, d) responsibility for the security and malware-freedom of all content (documents, screenshots, configuration excerpts, log files) submitted by the customer to the Provider in the pre-call questionnaire, by email, or in the live consultation. The customer ensures, prior to submission, that no sensitive third-party data and no malicious content is included. The customer bears the damage arising from breach of this obligation to the extent attributable to them (Sec. 254 BGB).
(5) If the consultation does not take place or only takes place to a limited extent due to non-fulfilment of the customer's cooperation obligations, the Provider's claim to remuneration shall remain in full, provided the customer is responsible for the non-fulfilment.
(6) If the Provider is unable to attend the appointment for reasons attributable to him, he shall offer the customer a replacement appointment without undue delay. If no replacement appointment can be found that is reasonable for the customer, the Provider shall refund the full remuneration.
(7) Recording of the video conference (image and/or audio) is only permitted with the prior express consent of both parties. Unauthorised recording constitutes a violation of personality rights.
Sec. 8 Liability
(1) The Provider's Consulting Service constitutes a professional recommendation and orientation guide based on the information available at the time of the consultation. The Provider provides no guarantee for the occurrence of specific career, certification or remuneration outcomes derived by the customer from the consultation.
(2) The Provider is liable without limitation for intent and gross negligence as well as for damage arising from injury to life, body or health resulting from a breach of duty by the Provider, a legal representative or a vicarious agent.
(3) In the event of simple negligence, the Provider is only liable for damage arising from the breach of essential contractual obligations (so-called cardinal obligations). Essential contractual obligations are those obligations whose fulfilment is a prerequisite for the proper performance of the contract in the first place and on whose compliance the contractual partner regularly relies. In such case, the Provider's liability is limited to the foreseeable damage typical for the contract.
(4) Otherwise, the Provider's liability for simple negligence is excluded.
(5) Liability of the Provider under the provisions of the German Product Liability Act and from guarantees assumed remains unaffected by the foregoing limitations of liability.
(6) The Provider is not liable for failures, delays or defects caused by third-party providers used by him for the performance of the contract (in particular the payment service provider Stripe, the booking platform Cal.com, the video conferencing tool, the customer's internet connection), provided the Provider has selected and supervised these third-party providers with the care required.
(7) If the customer is an entrepreneur within the meaning of Sec. 14 BGB and the Provider's liability under the foregoing paragraphs is limited to the foreseeable damage typical for the contract, it is additionally capped in amount at three times the net fee agreed for the respective Consulting Service, but in any case not exceeding EUR 5,000.00 per claim. This monetary cap does not apply to consumers (Sec. 13 BGB); for consumers, the limitation to the foreseeable damage typical for the contract under paragraph 3 applies without an additional monetary cap. It additionally does not apply to damage arising from injury to life, body or health, to intent, gross negligence, claims under the German Product Liability Act, or to assumed guarantees.
(8) For clarification: within the liability limitation under paragraph 3 (simple negligence, cardinal obligations, foreseeable damage typical for the contract), consequential damages, damages from data loss on the customer's side, damages from compromised or insecure customer IT systems, and damages from third-party cyberattacks on customer systems are generally not foreseeable for the contract type and are therefore excluded from liability. This does not apply in cases of intent or gross negligence by the Provider, nor for damage arising from injury to life, body or health.
(9) The Provider assumes no liability for the achievement of any specific consulting outcome, in particular not for passing an intended certification examination, an actual job change, an achieved salary increase, a specific career development, or the effectiveness of recommendations implemented. The Consulting Service is a service contract within the meaning of Sec. 611 et seq. BGB; a specific outcome is expressly not owed.
Sec. 9 Data Protection
(1) Information on the processing of personal data in connection with the booking and performance of the Consulting Service is contained in the privacy policy at https://certmap.de/datenschutz.
(2) In particular, the privacy policy provides information about the data processors used for the performance of the contract (hosting, payment processing, booking, email communication) as well as the storage periods of the consultation-related data (in particular the pre-call questionnaire).
Sec. 10 Consumer Dispute Resolution
(1) The Provider is neither obliged nor willing to participate in a dispute resolution procedure before a consumer arbitration board within the meaning of the German Consumer Dispute Resolution Act (VSBG) (Sec. 36(1) No. 1 VSBG).
(2) A reference to the European Commission's ODR platform is omitted, as the underlying Regulation (EU) No 524/2013 (ODR Regulation) was repealed by Regulation (EU) 2024/3228 of 19 December 2024 with effect from 20 July 2025. The information obligation under Sec. 36 VSBG remains unaffected and is covered by paragraph 1.
Sec. 11 Applicable Law and Jurisdiction
(1) All legal relations between the Provider and the customer shall be governed exclusively by the law of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).
(2) For consumers, this choice of law applies only to the extent that the protection granted to the consumer is not withdrawn by mandatory provisions of the law of the country in which the consumer has their habitual residence (Art. 6(2) Rome I Regulation).
(3) For actions brought by the consumer against the Provider as well as for actions brought by the Provider against the consumer, the statutory places of jurisdiction shall apply. In particular, the consumer may sue the Provider at the Provider's seat (Saulheim, Rhineland-Palatinate) or at the consumer's own place of residence.
(4) If the customer is an entrepreneur, a legal entity under public law or a special fund under public law, the exclusive place of jurisdiction for all disputes arising from or in connection with the contractual relationship is the Provider's seat in 55291 Saulheim, Rhineland-Palatinate. The Provider is also entitled to sue the customer at the customer's general place of jurisdiction.
Sec. 11a Contract Duration, Termination
(1) The contract ends upon full performance of the Consulting Service, including delivery of the PDF protocol.
(2) Both parties are entitled to terminate the contract extraordinarily at any time for cause (Sec. 626 BGB). In addition, both parties have the right of termination under Sec. 627 BGB, as the Consulting Service constitutes services of a higher nature entrusted on the basis of particular trust.
(3) If the customer terminates pursuant to Sec. 627 BGB without cause attributable to the Provider's contractual breach, the Provider retains the remuneration claim for partial services already rendered as well as, in accordance with Sec. 628 BGB, for expenses already incurred by the Provider in view of the conclusion of the contract (in particular reservation of the appointment, preparation based on the pre-call questionnaire). Prior to commencement of the live consultation, a lump sum amounting to 25 % of the agreed net fee shall be charged if the pre-call questionnaire has already been completed, otherwise 10 %. The customer reserves the right to prove that the Provider incurred substantially less expense.
(4) If the customer does not appear at the agreed appointment without an express termination declaration (no-show), Sec. 7(3) of these GTC shall take precedence; the lump-sum approach under paragraph 3 of this section shall not apply in such case.
(5) The consumer's right of withdrawal under Sec. 6 remains unaffected and takes precedence.
Sec. 12 Final Provisions
(1) Should individual provisions of these GTC be or become wholly or partially invalid, void or unenforceable, the validity of the remaining provisions shall remain unaffected. The respective statutory provision shall replace the invalid, void or unenforceable provision.
(2) Amendments to these GTC shall not become effective with respect to existing customers for contracts already concluded without their express consent. A unilateral amendment of the GTC by the Provider with a fiction of consent is excluded. For future contracts, the version published at https://certmap.de/agb at the time of conclusion of the contract shall apply.
(3) Declarations in connection with the contractual relationship (in particular withdrawal, rescheduling, complaints) may be made in text form by email to kontakt@certmap.de. To the extent that the law prescribes the written form, this requirement remains unaffected.
(4) Version of these GTC: 6 May 2026, version 1.3.
Annex A: Cancellation Policy
The following is a non-binding English translation of the statutory German cancellation policy under Art. 246a Sec. 1(2) EGBGB. In case of doubt, the German version prevails.
Right of Withdrawal
You have the right to withdraw from this contract within 14 days without giving any reason.
The withdrawal period is 14 days from the day of conclusion of the contract.
To exercise the right of withdrawal, you must inform us
Daniel Thomas Heessel Ober-Saulheimer Str. 15 55291 Saulheim Germany Email: kontakt@certmap.de
of your decision to withdraw from this contract by an unequivocal statement (e.g. a letter sent by post or email). You may use the attached model withdrawal form, but it is not obligatory.
To meet the withdrawal deadline, it is sufficient for you to send your communication concerning your exercise of the right of withdrawal before the withdrawal period has expired.
Effects of Withdrawal
If you withdraw from this contract, we shall reimburse to you all payments received from you, including the costs of delivery (with the exception of the supplementary costs resulting from your choice of a type of delivery other than the least expensive type of standard delivery offered by us), without undue delay and not later than 14 days from the day on which we are informed about your decision to withdraw from this contract. We will carry out such reimbursement using the same means of payment as you used for the initial transaction, unless you have expressly agreed otherwise; in any event, you will not incur any fees as a result of such reimbursement.
If you requested that the services should commence during the withdrawal period, you shall pay us an amount which is in proportion to what has been provided until the time you have communicated to us your withdrawal from this contract, in comparison with the full coverage of the contract.
Premature Expiry of the Right of Withdrawal
In the case of a contract for the provision of services, your right of withdrawal expires prematurely if we have fully performed the service and only began performing the service after you gave your express consent thereto and at the same time confirmed your knowledge that you would lose your right of withdrawal upon full performance of the contract by us.
Annex B: Model Withdrawal Form
The following is a non-binding English translation of the statutory German model withdrawal form under Annex 2 to Art. 246a EGBGB.
(If you wish to withdraw from the contract, please complete and return this form.)
To:
Daniel Thomas Heessel Ober-Saulheimer Str. 15 55291 Saulheim Germany Email: kontakt@certmap.de
I/We () hereby give notice that I/We () withdraw from my/our () contract for the sale of the following goods ()/the provision of the following service (*):
Ordered on ()/received on ():
Name of consumer(s):
Address of consumer(s):
Signature of consumer(s) (only if this form is notified on paper):
Date:
(*) Delete as appropriate.