CertMap

Privacy Policy

As of: 2026-05-05

1. Data Controller

The controller responsible for data processing on this website in accordance with the GDPR is:

Daniel Thomas Heessel, Ober-Saulheimer Str. 15, 55291 Saulheim, Germany

Email: kontakt@certmap.de

CertMap is operated as a commercial service. A data protection officer has not been appointed as the legal requirements for a mandatory appointment are not met.

2. Website Provision and Hosting

When accessing CertMap, technical access data is automatically collected in server log files.

Hosting Provider

Hetzner Online GmbH, Germany. Processing takes place exclusively in German data centres based on a data processing agreement (Art. 28 GDPR).

Data Categories

IP address, date and time, requested URL, referrer URL, and user agent.

Purpose and Legal Basis

Secure operation and IT security pursuant to Art. 6(1)(f) GDPR.

Retention

Server log files are automatically deleted after 7 days.

IP Anonymisation

Within the application, IP addresses are only processed as a SHA-256 hash, truncated to 12 hex characters, for abuse prevention (rate limiting). Re-identification is therefore practically excluded.

3. Local Storage (Cookies and Browser Storage)

We do not use tracking cookies. We only use technically necessary local storage areas of your browser in accordance with Sec. 25(2) No. 2 TDDDG.

LocalStorage

Storage of language settings (de/en), design preferences (light/dark), and your consent status for AI analysis.

SessionStorage

Temporary storage of tool states (e.g. career path or "pendingSave"), which are deleted when the browser tab is closed.

4. AI-Powered Job Analysis (Job to Certifications)

The use of AI analysis is voluntary.

Data Transfer

Entered texts are transmitted to Anthropic, PBC (USA). A server-side filter anonymises recognised email addresses and phone numbers beforehand.

Legal Basis

Your explicit consent according to Art. 6(1)(a) in conjunction with Art. 49(1)(a) GDPR.

Third-Country Transfer

As there is currently no adequacy decision for Anthropic, the transfer is based on your informed consent regarding the risks of access by US authorities.

Storage

CertMap does not store these texts permanently. Anthropic stores data according to its own policies for up to 30 days for security purposes (no training of AI models).

5. Consultation Booking and Payment Processing

The following services are used when booking a consultation.

Stripe

Payments are processed via Stripe Payments Europe Ltd. (Ireland) or Stripe, Inc. (USA). Stripe is certified under the EU-US Data Privacy Framework. The legal basis is the fulfilment of the contract (Art. 6(1)(b) GDPR).

Cal.com

We use a self-hosted instance of Cal.com on our German servers (Hetzner). No data transfer to Cal.com Inc. (USA) takes place.

Microsoft 365

Email correspondence and questionnaire data are processed via Microsoft Ireland Operations Ltd. Microsoft is certified under the EU-US Data Privacy Framework. To maintain data minimisation, confirmation emails to you are not stored in the server's Sent folder (saveToSentItems=false).

6. Pre-Call Questionnaire and Sensitive Data

The questionnaire serves to prepare for your consultation.

Special Categories of Data (Art. 9 GDPR)

Fields such as "caregiving responsibility" or free-text fields may contain sensitive information. Processing takes place exclusively on the basis of your explicit consent according to Art. 9(2)(a) GDPR.

Retention

Questionnaire data is deleted by default 6 months after the appointment, unless longer storage (e.g. continued client relationship, max. 36 months) is required.

7. Your Rights

You have the right to access, rectification, erasure, and restriction of processing of your data. Furthermore, you can revoke any consent given at any time. To do so, please contact us at kontakt@certmap.de. You have the right to lodge a complaint with the State Commissioner for Data Protection of Rhineland-Palatinate.


Last updated: May 2026