ISMS Connect, Berliner Allee 65, 64295 Darmstadt, represented by Christopher Eller, (hereinafter: “provider”) provides a portal with social network elements on www.isms-connect.com (hereinafter: “portal”), on which duly registered customers (hereinafter referred to as “users”) can make use of services and content of the provider relating to the topic of information security standards and can contact and communicate with other users and consultants.
These General Terms and Conditions (hereinafter referred to as “GTC”) govern the provision of services and content by the provider and the use thereof by the users. The user may use the paid services currently available on the portal, in particular plans, within the scope of their respective availability and access the content made available in this context. This offer is directed exclusively at entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB), legal entities under public law or special funds under public law (hereinafter referred to as “business clients”). Private individuals are excluded from the offer.
Individually booked consulting services are not governed by these GTC. These must be distinguished from the “Expert Panel”, which the provider regularly offers to users on the portal and which is governed by these GTC.
These GTC shall apply exclusively. The provider does not accept any terms and conditions of the business clients that conflict with or deviate from these GTC, unless the provider has expressly agreed to their applicability in writing.
§ 2 – Amendment of the GTC
The provider reserves the right to amend these GTC at any time with effect also within the existing contractual relationships, insofar as
this is necessary for valid reasons, in particular due to a changed legal situation or jurisdiction of the highest courts, technical changes or further developments, new organizational requirements of mass traffic, regulatory gaps in the GTC, changes in market conditions or other equivalent reasons and does not unreasonably disadvantage the user, and
the amendments do not alter the essential business characteristics of the contract, in particular the paid services provided by the provider.
The provider shall notify the user of such amendments at least two (2) months before the amendments are planned to enter into force. The user may either agree to the amendments prior to their planned entry into force or reject the amendments. The user shall be deemed to have given his consent unless he has given notice of his rejection before the planned date of entry into force of the amendments. The provider shall make special reference to this de facto consent in its offer.
If the user rejects the amendments, both parties shall have the right to terminate the business relationship extraordinarily. The provider shall inform the user of this mutual extraordinary right of termination separately in its offer.
§ 3 – Plans, order and registration process, conclusion of contract via the portal
The provider offers the business client a selection of different plans. The plans offered are designed as a subscription and contain different services and content. The plans are exclusively available to business clients.
The use of the plans requires a registration. The registration follows the completion of the order process and the business client’s acceptance of these GTC.
The presentation of the plans by the provider does not constitute a binding offer to conclude a contract for the use of the services and content available on the portal.
By sending an order via the portal by clicking the button “Place order & Pay”, the business client places a legally binding order.
The provider shall immediately confirm the receipt of the business client’s order placed via the portal by e-mail and send him an e-mail with the necessary login details for the portal (name, URL). This e-mail does not constitute a binding acceptance of the order unless, in addition to the confirmation of receipt, the acceptance is declared at the same time.
A contract for the use of the services and content available on the portal (hereinafter referred to as the “user contract”) is only concluded when the provider accepts the business client’s order by activating the access to the portal or by a declaration of acceptance.
The registration of the business client as a user must be made by a natural person with unlimited legal capacity and power of representation. The contact data and other information requested by the provider during the order process must be provided completely and correctly by the business client.
§ 4 – Access to the portal
After the business client has provided all the requested data, the provider automatically checks it for completeness and plausibility. If the information is correct from the provider’s point of view and there are no other concerns, the provider will activate the access requested by the business client and notify it of this by e-mail. The e-mail shall be deemed to be acceptance of the business client’s user request. Upon receipt of the e-mail, the business client shall be entitled to use the portal within the scope of these GTC. For this purpose, the business client must confirm its activation in advance by clicking on the link contained in the e-mail.
After the order is placed, an e-mail containing the necessary login details for the portal (hereinafter “login details”) will also be sent automatically (cf. § 3 paragraph 5 of these GTC). With these details, the business client can log in to the portal after the activation of his access and its confirmation pursuant to paragraph1 of this provision.
The access is not transferable.
§ 5 – Responsibility for the login details
The login details must be kept secret by the user and may not be made accessible to unauthorized third parties.
It is also the responsibility of the user to ensure that only the user or persons authorized by the user have access to the portal and use of the services and content available on the portal. If there are concerns that unauthorized third parties have obtained or will obtain knowledge of the login details, the provider must be informed immediately.
The user shall be liable for any use and/or other activity carried out with its login details in accordance with the statutory provisions.
§ 6 – Updating the user data
The user is obliged to keep its data (including his contact data) up to date. If during the use of the portal there is a change in the data provided, the user must immediately update the information in his personal settings. If the user is not able to do so, it shall immediately notify the provider of the changes in its data by e-mail.
§ 7 – Use of fee-based services, prices, payment methods
The provider only offers fee-based plans only. The use of the services included in the respective plan is covered by the usage fee paid as an annual advance payment. The usage fee currently payable for the respective plan can be viewed on the “Prices” page and is also indicated to the business client during the order process. By submitting the order, the business client bindingly declares that he wishes to use the respective service. This contractual relationship shall be governed by these GTC and, if applicable, by additional terms and conditions of which the provider shall inform the business client prior to the use of the service.
The prices are net prices. The statutory value-added tax is shown separately both during the ordering process and on the invoice.
For the payment of the usage fee, the provider offers various payment methods, also with the help of payment service providers (e.g. Stripe for credit card, SEPA direct debit or PayPal). However, there is no claim to use a particular payment method. If payment by the methods offered is not possible at the time of the order or the automatic renewal of the subscription (e.g. due to a change of provider, technical problems or rejection of the payment method selected by the user by the payment service provider), payment must be made immediately to the account specified on the invoice (e.g. by bank transfer).
In the event of default, the provider is entitled to charge default interest in the amount of 9 percentage points above the base interest rate, unless the user proves a lower damage, or the provider proves a higher damage.
§ 8 – Term of the plans and extension, termination of the user contract by the user
The plans, which are designed as subscriptions, have a minimum contract term of one year, beginning with the user’s receipt of the e-mail pursuant to § 4 paragraph 1 of these GTC.
Upon expiry of the minimum contract period, the user contract shall be automatically extended by a renewal period of one year, unless the user terminates the contract prior to the expiry of the minimum contract term or the respective extension period.
The user can terminate the contract at any time by cancelling the subscription in his personal settings or by declaring the cancellation to the provider (e.g. by e-mail to firstname.lastname@example.org). The provider’s entitlement to payment for the current contract term remains unaffected by the termination.
When the termination becomes effective, the user contract ends, and the user may no longer use his access. The provider reserves the right to block the login details when the termination becomes effective.
Statutory rights of termination shall remain unaffected. Reference is made to the supplementary provisions on the provider’s termination rights in § 19 of these GTC.
§ 9 – Services offered and availability of services
Depending on the selected plan (Prices), the user can access different paid information and consulting services on information security standards (e.g. ISO 27001) in the portal. Such services may include, for example, making available links and resources, in particular data, contributions, image and sound documents, video recordings, documents, information, and other content (hereinafter collectively referred to as “content”). In addition, each registered user may contact other users by posting personal messages in the online forum of the portal. The content and scope of the services are determined by the respective contractual agreements, and otherwise by the functionalities currently available on the portal.
The services available on the portal may also include third-party services to which the provider merely provides access. For the use of such services – which are marked as third-party services – deviating or additional regulations may apply, to which the provider will refer the user in each case.
The provider endeavors to achieve a high availability of the portal within the area of its responsibility. If a non-availability of more than 10% of the days in total occurs within a billing cycle, this period shall be added to the subscription. Not included in the calculation of availability are the regular maintenance windows of the portal, which are between 2:00 and 4:00 a.m. every Friday.
In all other respects an entitlement to use the services available on the portal exists only within the framework of the provider’s technical and operational possibilities. The provider endeavors to ensure that the usability of its services is as uninterrupted as possible. However, temporary restrictions or interruptions may occur due to technical problems (e.g. power supply interruptions, hardware and software errors, technical problems in the data lines).
§ 10 – Updating the content
The content provided in the portal is regularly updated, renewed, and replaced. The content is amended based on new standards, findings or changed best practices. The provision of older and replaced content by the provider is not guaranteed.
§ 11 – Protection of content, responsibility for third-party content
The content available on the portal is predominantly protected by copyright or other property rights and is the property of Christopher Eller or the provider, the other users or other third parties who have made the respective content available. The compilation of the content as such may be protected as a database or database work in the sense of Section 4 paragraph 2, Section 87a paragraph 1 German Copyright Act (UrhG). The user may only use this content pursuant to these GTC and within the scope specified by the portal.
The content available on the portal originates partly from the provider and partly from other users or other third parties. The content of other third parties is hereinafter collectively referred to as “third-party content”. The provider does not check third-party content for completeness, accuracy and legality and therefore assumes no responsibility or warranty for the completeness, accuracy, legality, and timeliness of the third-party content. This also applies regarding the quality of the third-party content and its suitability for a particular purpose, and also insofar as it concerns third-party content on linked external websites. The legal liability as a telemedia provider remains unaffected.
Content that is not marked with a copyright notice of the provider is third-party content.
§ 12 – Scope of permitted use
The user’s right to use the portal is limited to accessing the portal and using the services and content available on the portal at any given time within the scope of the provisions of these GTC.
The content is available in the usual file formats (ZIP, PDF, XLSX, DOCX, HTML). The user is responsible for creating the necessary technical prerequisites for the contractual use of the services and content in the user’s area of responsibility. The provider does not owe the user any advice in this regard.
§ 13 – Posting of own content by the user
As far as available as functionality in the portal, the user may post content in the portal and thus make it available for third parties in compliance with the following provisions.
By posting content, the user grants the provider a free and transferable right of use to the respective content, in particular
to store the content on the provider’s server and to publish it, in particular to make it publicly available (e.g. by displaying the content on the portal),
to edit and reproduce, insofar as this is necessary for the provision or publication of the respective content, and
to grant rights of use to third parties in respect of the user’s content pursuant to § 14 of these GTC.
In the event, that the user removes the content posted by it from the portal, the right of use and exploitation granted to the provider as described above expires. However, the provider remains entitled to retain copies made for backup and/or verification purposes. The rights of use already granted to the other users to the content posted by the individual user shall also remain unaffected.
The user is fully responsible for the content posted by it. The provider does not assume any responsibility for checking the content for completeness, accuracy, legality, timeliness, quality and suitability for a specific purpose.
The provider reserves the right to refuse to post content and/or to edit, block or remove already posted content (including private messages and comments) without prior notice if the posting of content by the user or the posted content itself has led to a violation of § 14 of these GTC or if there are concrete indications that a serious violation of § 14 of these GTC will occur. In doing so, however, the provider will consider the legitimate interests of the user and choose the mildest means to prevent the violation of § 14 of these GTC.
§ 14 – Right of use of content available on the portal, additional usage fee when the granted rights of use are exceeded
Unless further use is expressly permitted in these GTC or in the portal or is enabled in the portal by a corresponding functionality (e.g. download button),
the user may retrieve and display online the content available on the portal exclusively for personal purposes. This right of use is limited to the duration of the contractual use;
the user is prohibited from editing, modifying, translating, presenting, or demonstrating, publishing, exhibiting, reproducing, distributing or using for his own commercial purposes, in whole or in part, the content available on the portal. It is also prohibited to remove or alter copyright notices, logos and other marks or protective notices.
The user is only entitled to download content and to print out content if the portal offers the option of downloading or printing content (e.g. by means of a download button). The user is granted a non-exclusive right of use for an unlimited period of time for the use of the legitimately downloaded or printed content for its own, non-commercial purposes. If the content is provided to the user in return for a fee, a further prerequisite for the granting of rights is the complete payment of the respective fee. All other rights to the content remain with the original holder of the rights (the provider or the respective third party).
The mandatory statutory rights (including the reproduction for private and other own use pursuant to Section 53 UrhG) remain unaffected.
If the user exceeds the rights of use granted to it pursuant to these GTC or in the portal by means of a corresponding functionality, the provider reserves the right to charge the user a respective additional usage fee.
§ 15 – Separate provisions for consulting companies
Consulting companies that are also active in the field of information security can only order the “Expert” plan for up to 25 consulting clients and make use of the content available therein pursuant to the functionality in the portal. Within this access, as an exception, the consulting company is allowed to use certain content (e.g. templates) for specified purposes beyond personal use (e.g. for consulting purposes). However, the use of the enabled content is limited solely to supplementary use in the consulting company’s own consulting business. Only the following acts of use are covered by this:
using the provided templates to customize and provide them to clients as part of the consulting company’s own consulting business.
using the provided information content for consulting clients within the scope of the consulting business.
Any further use is not permitted, in particular the content may not be edited, passed on to third parties, distributed via an online store or used to advertise the consulting company’s own services.
If a consulting company orders the “Plus” or “Pro” plan contrary to paragraph 1 of this provision, its access will be automatically changed to the “Expert” plan and the difference in the corresponding usage fee will be collected or invoiced via the payment method chosen by the company. The invoice for the fee-based services used will be sent to the consulting company by e-mail. § 14 paragraph 4 of these GTC shall remain unaffected by this.
Paragraph 2 of this provision shall apply accordingly if the provider becomes aware of the fact that a consulting company has ordered the “Plus” or “Pro” plan contrary to paragraph 1 or has exceeded the rights of use granted to it not until after the conclusion of the order.
§ 16 – Use of the online forum, moderation
In the portal, the provider offers an online forum (“ISMS Connect”). In ISMS Connect registered users can exchange information on information security standards and post content. Consultants of the provider participate in ISMS Connect, in particular by responding to questions.
The user may only use ISMS Connect for the exchange of information. In particular, it is not permitted to use ISMS Connect for the purpose of client acquisition or self-promotion, unless this has been permitted by the provider by way of exception (e.g. by explicit request to post vacancies).
The user is responsible for ensuring that its communication in ISMS Connect and the content it publishes there are lawful and do not infringe the rights of third parties.
ISMS Connect is moderated by the provider to ensure courteous interaction and limit discussion to information security topics.
§ 17 – Prohibited activities
The user is prohibited from using the services and content of the provider available on the portal contrary to the provisions of these GTC, in particular to offer and distribute them as his own services in the course of trade for commercial purposes towards third parties.
The user is also prohibited from any activities in or in connection with the portal that violate applicable law, infringe the rights of third parties or violate the regulations on the protection of minors. In particular, the following activities are prohibited:
posting, distributing, offering and advertising of content, services and/or products that are of a pornographic nature, violate the laws for the protection of minors, data protection laws and/or other laws and/or are fraudulent;
using content that insults or defames other users or third parties;
using, providing and distributing content, services and/or products that are protected by law or encumbered with third-party rights (e.g. copyrights) without being expressly authorized to do so.
Furthermore, regardless of any violation of the law, the user is also prohibited from the following activities when posting its own content on the portal or communicating with other users (e.g. by sending personal messages or by participating in ISMS Connect):
spreading viruses, Trojans and other malicious files;
sending junk or spam e-mails and chain letters;
distributing offensive, indecent, salacious, obscene or defamatory content or communication, as well as content or communication that is suitable to promote or support racism, fanaticism, hatred, physical violence or illegal acts (explicitly or implicitly);
harassing other users, e.g. by contacting them personally several times without or contrary to the reaction of the other users, as well as encouraging or supporting such harassment;
requesting other users to disclose passwords or personal data for commercial or illegal purposes;
distributing and/or publicly reproducing content available on the portal unless you are expressly permitted to do so by the respective author or unless this is expressly made available as a functionality on the portal.
The user is also prohibited from any activity that is likely to interfere with the smooth operation of the portal, in particular to excessively overload the provider’s systems.
Should the user become aware of any unlawful, improper, in breach of contract or otherwise unauthorized use of the portal, the user is requested to notify the provider via the contact form in the portal or by e-mail (email@example.com). The provider will then examine the matter and, if necessary, take appropriate action.
In the event of suspicion of unlawful or criminal acts, the provider is entitled and, where applicable, also obliged to review the activities of the user concerned and, if necessary, to take appropriate legal action. This may also include forwarding a case to the public prosecutor’s office.
§ 18 – Sanctions
If there is specific reason to believe that the user is violating or has violated these GTC, the rights of third parties, and/or applicable law, the provider may at its own discretion – considering the legitimate interests of the respective user – impose following sanctions:
restrict or limit the use of the portal,
issue a warning to the user,
temporarily or permanently block the user’s access .
In the event of temporary or permanent blocking, the provider will block the user’s access authorization and notify the user of this by e-mail. In the event of a temporary block, the provider shall reactivate the access authorization after the blocking period has expired and notify the user of this by e-mail. A permanently blocked access authorization cannot be restored. Permanently blocked persons are permanently excluded from participation in the portal and may not register on the portal again.
§ 19 – Provider’s termination rights
The provider may terminate the entire business relationship with the user at any time, subject to a reasonable period of notice, provided that neither a term of contract, in particular pursuant to § 8 of these GTC, nor a deviating termination provision has been agreed. When determining the period of notice, the provider will consider the legitimate interests of the user, and in particular shall not fall below a period of notice of two weeks.
Termination of the entire business relationship without notice is permissible if there is good cause which makes it unacceptable for the provider to continue the relationship, even considering the legitimate interests of the user. A good cause exists in particular,
if the user has provided false information during the ordering and registration process,
if there is an identifiable misuse of the portal by the user,
if the functionality of the portal is impaired by the user,
if the user uses the content available on the portal contrary to the provisions of these GTC, in particular offering and distributing them as his own services in the course of trade for commercial purposes towards third parties.
in case of violation of legal regulations or the rights of third parties.
If the good cause consists in the breach of a contractual obligation, termination is only permissible after the unsuccessful expiry of a reasonable period set for a remedy or after an unsuccessful warning, unless this is dispensable due to the special circumstances of the individual case (Section 323 paragraphs 2 and 3 BGB).
§ 20 – Limitation of liability
The provider is liable without limitation for any damages caused intentionally (vorsätzlich) or through gross negligence (grob fahrlässig) by the provider or its legal representatives, executives, or simple vicarious agents.
In other cases, the provider is liable – unless otherwise regulated in paragraph 4 of this provision – only in the event of a breach of a contractual obligation, the fulfillment of which is a prerequisite for the proper performance of the contract and on the observance of which the user may regularly rely on (so-called cardinal obligation). This is limited to compensation for the foreseeable and typical damage. In all other cases, the liability of the provider – subject to the provision in paragraph 4 – is excluded.
The limitations regulated in paragraphs 1 and 2 of this provision shall also apply in favor of the legal representatives, executive and simple vicarious agents of the provider if claims are asserted directly against them.
The limitations regulated in paragraphs 1 and 2 of this provision shall not apply in the case of fraudulent intent (Arglist), in the case of damage resulting from injury to life, limb or health, in the event of the assumption of guarantees (Übernahme von Garantien) or other strict liability, or for claims under the Product Liability Act.
§ 21 – Indemnification
The user shall indemnify the provider in the event of a claim due to an alleged or actual infringement and/or violation of third-party rights against all third-party claims arising from actions of the user in connection with the use of the portal for which the user is responsible.
In addition, the user undertakes to reimburse the provider for all costs incurred by the provider as a result of claims asserted by third parties pursuant to paragraph 1 of this provision. Reimbursable costs include, in particular, the costs of a necessary legal representation, including all court and attorney fees in the statutory amount.
In the event of a claim by a third party pursuant to paragraph 1 of this provision, the user is obliged to immediately provide the provider with all complete and accurate information required for the examination of the claims and a defense.
§ 22 – Form of declarations
All declarations submitted in the context of the use of the portal must be made electronically (e.g. via the contact form in the portal), unless expressly stated otherwise in these GTC or mandatory applicable statutory provisions require a different form of communication.
§ 23 – Severability clause
Should any provision of these GTC be or become invalid, this shall not affect the legal validity of the remaining provisions.
§ 24 – Applicable law
These GTC shall be governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG).
§ 25 – Jurisdiction
The place of jurisdiction for all disputes arising from and in connection with these GTC is the registered office of the provider, Darmstadt.