General Terms and Conditions

BRL Risk Consulting GmbH & Co. KG - “Certinova — Your Compliance Benchmark”

§ 1

Scope, Form of the Terms and Conditions

1.1

These General Terms and Conditions (“GTC”) apply to contracts (hereinafter uniformly referred to as “Contract”) between BRL Risk Consulting GmbH & Co. KG (“BRCG”), headquartered in Hamburg, registered in the commercial register of the Hamburg Local Court under HRA 122036, business address: Caffamacherreihe 16, 20355 Hamburg, with its customers (“clients”), the subject matter of which is the use of the “Certinova — Your Compliance Benchmark” service.

1.2

The “Certinova — Your Compliance Benchmark” service is only offered by BRCG to entrepreneurs (§ 14 BGB), legal entities under public law, and special funds under public law. No contracts are concluded with consumers (§ 13 BGB) or persons who are not acting for professional purposes.

1.3

The General Terms and Conditions of BRCG apply exclusively. The client's general terms and conditions shall only become part of the contract if this has been expressly agreed in writing with BRCG. This requirement for consent applies in all cases, for example even if the client refers to its general terms and conditions in the context of the order and BRCG does not expressly object to this.

1.4

Individual agreements, e.g. in framework agreements or in BRCG's order confirmation, take precedence over the General Terms and Conditions in the event of contradictions and deviations.

1.5

References to the applicability of statutory provisions are for clarification purposes only. Even without such clarification, the statutory provisions shall therefore apply unless they are directly amended or expressly excluded in these General Terms and Conditions.

§ 2

Formation of Contract

2.1

The presentation of the services offered by BRCG on the website (Certinova.com) does not constitute a legally binding offer, but rather an invitation to place an order.

2.2

By clicking on the “Order now” button on the website for a product they have selected after entering their data, the client submits a binding contractual offer in accordance with § 145 BGB (German Civil Code). Immediately after submitting the order, the customer receives an order confirmation, which does not yet constitute acceptance of the contract offer by BRCG. Unless otherwise stated in the order, BRCG is entitled to accept the contract offer within two weeks of its receipt by BRCG.

2.3

Acceptance can be declared either in writing (e.g. by order confirmation) or by providing the ordered service or a partial service to the client.

2.4

By selecting service packages for which no price is specified and which require an individual quote, the client does not submit a binding offer in accordance with Section 145 of the German Civil Code (BGB), but rather requests BRCG to prepare a quote, which BRCG is entitled to do but not obligated to do.

2.5

When booking a service package, the client is obliged to truthfully state the size of their company (1-50 employees, 51-999 employees, or 1000+ employees). If a client provides an untruthful statement regarding the size of their company, the contract shall be deemed to have been concluded under the terms and conditions applicable to the true size of their company. In this case, BRCG is entitled to the fee that can be charged when booking a package based on the true company size.

2.6

Amendments or additions to a contract referred to in § 2, including an individual contract concluded on the basis of a framework contract, and/or these General Terms and Conditions shall, unless otherwise specified herein, be made in writing, unless a stricter form is required by law.

§ 3

Subject Matter of the Contract, Provision & Scope of Services

3.1

The subject matter of the contract is the activity specified on the website (Certinova.com) in relation to the agreed service package, not the achievement of a specific economic success. The client is granted a limited, revocable, simple, non-transferable right to access and use the platform (app.certinova.com) for the purposes of evaluation (“right of use”). The right of use is valid for the agreed term. The scope of the right of use corresponds to the client's service package. The client can choose between different service packages. The packages contain different services, which can be viewed on the website (Certinova.com). With the “Starter” service package, the badge, scorecard, and compliance rating may only be used for internal business purposes.

3.2

BRCG is responsible for preparing a final report and a certificate, including the award of a scorecard and, where applicable, a badge (together referred to as “assessment documents”). These will only be prepared if the contractually agreed obligations to cooperate in accordance with § 4 have been fulfilled in full and on time. The assessment documents will be issued digitally.

3.3

BRCG offers a two-stage assessment. Stage 1 involves an assessment of the adequacy of the client's management system structure. Based on the results of stage 1, the client receives a scorecard and, if applicable, a badge in a class that corresponds to the level achieved by their company. The badge is awarded in ascending classes: “Committed,” “Advanced,” “Professional,” and “Excellent.” Each badge represents a specific level of performance. The more appropriate the structure of the client's management system is found to be, the higher the score on the scorecard and the higher the class of the badge issued.

3.4

After successful completion of Level 1 (with at least one “Advanced” badge awarded), the effectiveness of the assessed management system can be evaluated by BRCG on the basis of a special commission in Level 2. Based on the results of stage 2, the client then receives a final report, a certificate, a scorecard and, if applicable, a badge. The badge is awarded in ascending classes: “Dedicated,” “Advanced,” “Professional” and “Excellent.” Each badge stands for a specific level of performance. The better the design or effectiveness of the client's assessed management system, the higher the score on the scorecard and the higher the class of the badge issued.

3.5

The client receives the score for the assessment of its company based on the information disclosed by it that was available to BRCG at the time of the assessment. If information or circumstances change significantly during the period of validity of the scorecard and/or badge, BRCG may suspend the score/badge. A reassessment requires a separate agreement between the parties.

3.6

BRCG shall only be obliged to provide further reporting, detailed reporting and/or verbal evaluation if and to the extent that this has been expressly agreed in writing.

3.7

BRCG shall provide its services with the diligence of a prudent businessman and always with reference to the individual situation and needs of the client.

3.8

BRCG shall employ qualified staff to perform the contract who have the necessary knowledge in the defined areas of auditing and consulting. When putting together the team to perform the contract, BRCG shall take into account the specific requirements of the client in relation to the subject matter. Unless otherwise agreed, BRCG may use expert subcontractors to perform the contract, whereby BRCG shall remain directly obligated to the client at all times. Unless otherwise agreed, BRCG shall decide at its own discretion which employees or subcontractors shall be used to fulfill the contract.

3.9

BRCG provides its services in close consultation with the client. If, during the performance of the contractual services, further issues and problems arise that are not covered by the contract and appear to require a change in the scope of the contractual services, BRCG shall notify the client thereof and coordinate the further course of action with the client.

3.10

The platform (app.certinova.com) is generally accessible 24 hours a day, 7 days a week, except during maintenance periods. BRCG accepts no liability for network problems, interruptions, failures, delays, system unavailability, and other connectivity issues that affect the platform or the service. In such cases, the client cannot claim any compensation from BRCG. This also applies to cases of suspected information security breaches that are likely to seriously compromise the security of the platform and the services behind it or the data of the companies being evaluated. BRCG may temporarily suspend access to the platform without prior notice for as long as necessary to resolve the problem in a timely manner.

3.11

The contract is concluded for the duration of a one-time assessment. It ends with the delivery of the certificate, the scorecard, and, if applicable, the badge. A follow-up assignment is considered a new contract.

§ 4

Cooperation Obligations of the Client

4.1

The client shall provide BRCG with the data, information, and documents (“Data”) requested on the platform (app.certinova.com) so that BRCG can perform its services.

4.2

The data provided must be truthful. The client is obliged not to provide or upload any illegal, fraudulent, harassing, defamatory, racist, or obscene data via the platform. The client is obliged to notify BRCG immediately of any changes to their data. The data may not contain the names, titles, or contact details of employees.

4.3

The client must designate at least one primary user as a contact person for BRCG. The client must ensure that the contact details of the primary users are always up to date, visible to BRCG, and secure. Only primary users may access the client's account on the platform and perform account-wide operations, make changes at the membership level, or respond to questionnaires.

4.4

Upon conclusion of the contract, the client shall have access to the platform (app.certinova.com) for one year and shall be able to download, among other things, the questionnaire to be completed, instructions, white papers, etc. in order to prepare for completing the questionnaire. Once the client begins answering the questionnaire, a binding period of 60 days begins, within which all necessary information must be submitted by the client. This period does not entitle the client to an extension of access to the platform. After this period has expired, the client's entitlement to the services owed by BRCG expires. In this case, there is no entitlement to a refund of the deposit paid.

4.5

For the purposes of providing services, the client grants BRCG the simple, royalty-free, worldwide right to host, store in cache mode, process, use, reproduce, and display the data provided by the client in the course of or in connection with the use of the platform, limited in each case to the purposes of (i) evaluation, (ii) thorough analysis, and (iii) creation of dashboards, and to use this data to provide the services offered by BRCG. The client warrants and represents that it has the rights and authority necessary to provide the data in connection with the use of the services and that it can grant these rights within the scope described above.

4.6

The client is responsible for its IT systems used to access the platform and to use data obtained by its users from the services, including all conclusions, decisions, and measures taken by the client and its affiliated companies based on such access or use.

4.7

Communication between BRCG and the client may also take place electronically. The client confirms that they are aware that electronic correspondence — in particular by email — entails considerable security risks. If the client does not wish to use electronic communication, or only wishes to use it with signature or encryption procedures, they shall notify BRCG of this in writing.

§ 5

Confidentiality

5.1

BRCG and the client are obliged to keep all confidential information that has become known to them in connection with contract negotiations or the concluded contracts secret for the duration of their business relationship and for 5 years after its termination, to protect it from access by unauthorized third parties, and to use it only for the purpose specified in the contract. BRCG and the client shall use each other's information only for the purposes of the platform (app.certinova.com) and the respective services to be provided, unless expressly agreed otherwise in writing.

5.2

“Confidential information” refers to all information and documents belonging to a party that were not previously known to the general public, either in whole or in part, and are therefore of economic value. This includes, in particular, evaluation questionnaires, methodology, certificates and related data, materials, works and other content obtained through access to and use of the platform, questionnaire responses, trade secrets, know-how, business relationships, business strategies, business plans, financial plans, personnel matters, and documents and information that are marked as confidential or are to be regarded as confidential under the circumstances.

5.3

The party receiving the confidential information may only disclose the confidential information of the disclosing party to its vicarious agents, in particular its employees and subcontractors, as well as to persons who are bound to professional secrecy on a need-to-know basis, if and to the extent that this is necessary for the provision or use of the platform or for the performance of the services to be rendered. The parties undertake to oblige these persons to maintain confidentiality in an appropriate manner. Unless otherwise specified in this agreement, neither party shall disclose Confidential Information to third parties.

5.4

The confidentiality obligation under Sections 5.1 and 5.3 does not apply to confidential information that

  1. was already known to the recipient at the time the contract was concluded or subsequently becomes known to the recipient from a third party without violating any confidentiality agreement, legal provisions, or official orders;
  2. for which the client has consented to the disclosure of its confidential information by BRCG;
  3. which is publicly known at the time of conclusion of the contract or becomes publicly known thereafter, provided that this is not based on a breach of this contract; or
  4. which must be disclosed due to legal obligations or by order of a court or authority. To the extent permissible and possible, the recipient obliged to disclose the information shall notify the other party in advance and give it the opportunity to take action against the disclosure.

5.5

Upon conclusion of the contract, the client agrees that BRCG may list the client's company name and logo as a reference customer on its website (currently certinova.com) and in print and online advertising materials. This consent shall remain valid unless the client objects in writing.

§ 6

Implementation

6.1

BRCG retains sole control and is solely responsible for all aspects of the platform (app.certinova.com) and the associated assessment services, including:

  1. the locations where the services are provided;
  2. the selection, deployment, use, modification, and replacement of software;
  3. the performance of maintenance, upgrades, corrections, and repairs; and
  4. the selection and engagement of subcontractors.

6.2

BRCG reserves the right, at its sole discretion, to make changes to the platform and the services offered that BRCG deems necessary or appropriate in order to:

  1. maintain or improve the quality of service or the provision of services by BRCG to its clients; or
  2. comply with applicable law.

§ 7

Impediments to Performance

7.1

In the event of force majeure and other unforeseeable, extraordinary circumstances beyond BRCG's control (e.g., unforeseen operational disruptions, strikes, lockouts, lack of means of transport, official intervention, energy supply difficulties, and the like) that affect the functionality of the platform (app.certinova.com), any performance deadlines of BRCG shall be extended to a reasonable extent. This shall not apply if BRCG is guilty of negligence in taking over, providing for, or averting such circumstances. If the aforementioned circumstances make it impossible or unreasonable for BRCG to perform, BRCG shall be released from its obligation to perform.

7.2

BRCG may only invoke the aforementioned circumstances if BRCG notifies the client thereof without delay.

7.3

§ 7.1 shall apply mutatis mutandis if an employee of BRCG contractually assigned to the project is unable to work for reasons that were unforeseeable at the time the contract was concluded and for which BRCG is not responsible. If the employee is permanently or long-term unable to perform the service, BRCG shall be entitled to provide a replacement employee with at least the same skills.

7.4

If the above delays in performance become unreasonable for the client, it may set BRCG a reasonable deadline for commencing and/or continuing the contractual activities and, after this deadline has expired without result, terminate the contract extraordinarily in accordance with § 12. BRCG's claim to remuneration for services already rendered remains unaffected by this.

7.5

Insofar as BRCG is responsible for impediments to performance, BRCG shall be liable for this in accordance with § 11.

§ 8

Duties of Loyalty & Obligations

8.1

The parties undertake to show consideration for each other's interests and legal rights. They shall inform each other immediately of any circumstances arising during the performance of the contract that may affect the performance of the contract or the other party's other interests and/or legal rights.

8.2

The client guarantees that it, its affiliated companies, and its and their employees will refrain from any action that could jeopardize the independence of BRCG employees.

8.3

The Client shall inform BRCG if its contact details change. The Client acknowledges and agrees that it is responsible for keeping the contact details, including but not limited to the email addresses of its designated representatives, up to date at all times during the term of this Agreement.

8.4

The client and its users may not

  1. impair the proper functioning of the platform (app.certinova.com) or attempt to do so;
  2. upload, publish, or send harmful files, software, or other technologies to the platform, including, but not limited to, files containing viruses, worms, malware, or other harmful computer code;
  3. perform any tests that could damage or impair the proper functioning of the platform;
  4. circumvent or violate any security systems used by the platform;
  5. reverse engineer, decompile, decode, decrypt, disassemble, or derive source code from the platform;
  6. access the platform other than by using their valid login credentials;
  7. remove, alter, or obscure any copyrights, trademarks, or other intellectual property of BRCG contained in the platform or marketing materials;
  8. upload any information, data, software, or other materials protected by copyright or other intellectual property rights to the platform without first obtaining the permission of the owner of such rights.

8.5

The client is responsible for securing access to the platform (app.certinova.com) for itself and its authorized users, treats its access data confidentially, and informs BRCG immediately of any unauthorized access. In addition, it shall take all reasonable and lawful measures within its control to stop unauthorized access and mitigate its effects. All actions taken using the client's access data shall be deemed to have been carried out by the client.

8.6

BRCG reserves the right to assert claims for damages based on a breach of the above obligations and other rights (e.g., termination for good cause, injunctive relief).

§ 9

Use of Results / Marketing Use of the Badge and Certificate

9.1

As part of the Certinova evaluation, BRCG issues a final report and a certificate, including a scorecard and, where applicable, a “compliance badge” (“evaluation documents”). These documents are valid for twelve (12) months from the date of issue.

9.2

Within this period, the use of these evaluation documents for marketing purposes, in particular on websites, social media platforms, email signatures, or presentations of the client, is permitted.

9.3

The client may only use the evaluation documents in compliance with the provisions of the contract, the terms of use, and only in accordance with the rights associated with the purchased service package.

9.4

The client may not change the score on the scorecard or the rating or assessment results received from BRCG, including, but not limited to:

  1. the publication date of the score and the certificate,
  2. categories, processes, levels, and composition of the score,
  3. numerical or graphical representations of its ratings,
  4. seals of approval awarded, or
  5. name or description of the company.

9.5

The disclosure of assessment documents to third parties, including the use of the badge by third parties, shall be subject to the restrictions on use and disclosure associated with the respective assessment document. Clients with a Starter service package are not permitted to export or disclose the assessment documents outside the client's company.

9.6

After expiry of the validity period and without successful revalidation, any use of the assessment documents, in particular the badge, must be refrained from. BRCG reserves the right to actively prevent any further use.

§ 10

Fees, Due Date, Default

10.1

After conclusion of the contract, the client will be sent an invoice, which is due immediately without deduction. Invoicing is not dependent on receipt or evaluation of the questionnaire by BRCG.

10.2

The remuneration for the services specified in § 3 can be viewed on the website (Certinova.com). The prices stated on the website are exclusive of statutory sales tax.

10.3

Payment for the agreed services is due within 8 days of receipt of a proper invoice by the client. Upon expiry of the above payment period, the client shall be in default without further reminder (§ 286 (2) No. 2 BGB). In the event of default by the client, interest shall be charged on BRCG's remuneration at the applicable statutory default interest rate for the duration of the default. BRCG reserves the right to claim damages for default.

10.4

If a contract is not effectively concluded but BRCG has already provided services in accordance with § 3 with the consent of the client, it shall be entitled to reasonable remuneration for this.

10.5

Multiple clients are jointly and severally liable.

10.6

The client may only offset claims against BRCG with undisputed or legally established claims.

§ 11

Liability

11.1

BRCG shall be liable to the client, regardless of the legal basis, for damages caused by BRCG, its legal representatives, and vicarious agents in accordance with the following provisions.

11.2

BRCG shall be liable for damages within the scope of fault-based liability in cases of intent and gross negligence. In cases of simple negligence, BRCG shall only be liable, subject to further legal limitations of liability (e.g., diligence in its own affairs),

  1. for damages resulting from injury to life, limb, or health,
  2. for damages resulting from the breach of an essential contractual obligation (i.e., an obligation whose fulfillment is essential for the proper execution of the contract and on whose fulfillment the contractual partner regularly relies and may rely, and whose breach jeopardizes the achievement of the purpose of the contract); in this case, however, BRCG's liability is limited to compensation for foreseeable, typically occurring damage.

11.3

BRCG shall not be liable for the improper application or implementation by the client of the recommendations given by BRCG within the scope of its services or in its working documents.

11.4

Insofar as BRCG's liability is excluded or limited under this contract, the same shall apply to the personal liability of its legal representatives, employees, and vicarious agents.

11.5

Any statutory warranty rights of the client shall expire 12 months after the start of the statutory limitation period, with the exception of claims for damages, which are subject to the statutory limitation period.

11.6

§ 10 applies accordingly to any claims for reimbursement of futile expenses (e.g. § 284 BGB).

§ 12

Termination

12.1

The contract within the scope of the “Certinova — Your Compliance Benchmark” service is a project contract for the one-time performance of an assessment and ends automatically upon full fulfillment of the contractual obligations of the parties. Separate termination is not required in this respect.

12.2

There is no right to ordinary termination for the duration of the contract. The right of both parties to extraordinary termination remains unaffected.

12.3

The following shall be considered extraordinary grounds for termination:

  1. failure to agree on remuneration in the event of necessary significant project changes;
  2. untimely, incomplete, or total failure of the client to cooperate in accordance with § 4, provided that BRCG has unsuccessfully set a reasonable deadline for the client to cooperate;
  3. default of acceptance and/or payment delays on the part of the client, provided that BRCG has unsuccessfully set a reasonable deadline for performance by the client;
  4. a significant deterioration or considerable threat to the client's financial circumstances prior to payment, in particular if the client suspends payments or declares its intention to do so, or if the client has filed for insolvency or insolvency proceedings have been opened or rejected due to lack of assets;
  5. a serious breach by the parties of their contractual obligations, including these GTC, which has not been remedied despite a warning;
  6. the use of the documents received from BRCG by the client contrary to the provisions of Sections 9.3–9.6 of these GTC.

12.4

In the event of extraordinary termination by BRCG due to culpable breach of contract, in particular a lack of cooperation on the part of the client pursuant to Section 12.3 b), the client shall owe BRCG compensation for all damages incurred as a result of the premature termination of the contract, including lost profits.

12.5

Termination must be made in writing to be effective.

§ 13

Final Provisions

13.1

These General Terms and Conditions and the contractual relationship between BRCG and the client are governed by the substantive law of the Federal Republic of Germany, excluding international uniform law, in particular the UN Convention on Contracts for the International Sale of Goods.

13.2

The place of performance is the registered office of BRCG. The place of jurisdiction for all disputes arising from or in connection with this contract is Hamburg, provided that (i) all clients are merchants, legal entities under public law, or special funds under public law, or (ii) the client is not domiciled in Germany.

13.3

Where these General Terms and Conditions or individual agreements between the Client and BRCG stipulate the written form, this refers to the written form within the meaning of Section 126b of the German Civil Code (BGB). The exchange of emails to known email addresses satisfies the written form requirement. The written form requirement also applies to any amendment to the written form requirement.

13.4

The client may only assign rights arising from the contractual relationship with BRCG with the prior written consent of BRCG. Section 354a of the German Commercial Code (HGB) remains unaffected.

Version: August 2025