General Data Protection Regulation (GDPR)

1. Name and contact details of the persons responsible for data processing and the company data protection officer

This data protection information applies to data processed by:

Responsible persons: Dr. Stefan Fries (Managing Director), Holger Schaefer (Managing Director), Ulrich Gerndt (Managing Director), Dr. Jürgen Schüppel (Managing Director).

Martha Chappell (Company Data Protection Officer), Gotzinger Straße 52b, 81371 Munich, Germany, e-mail: info(at)change-factory.de, telephone: +49 (0) 89 76 73 66 0, telefax: +49 (0) 89 76 73 66 100.

2. Collecting and storing personal data; type and purpose of its use 

a) When visiting our website

When you visit our website www.change-factory.de, the browser on your device automatically sends information to the server on our website. If you do not wish this to happen, you should set your internet browser so that it refuses to accept cookies. The forwarded information is stored in a so-called log file. The following information is recorded without your assistance and stored until it is automatically deleted:

IP address of the requesting computer,

  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • Browser used and, if applicable, operating system of your computer as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

  • To ensure that the connection to our website functions smoothly,
  • To enable convenient use of our website,
  • To evaluate system integrity and stability
  • For other administrative purposes.

The legal basis for data processing is Articles 5-11 GDPR. Our legitimate interest is based on the aforementioned purposes for data collection. Under no circumstances do we use the data collected in order to draw conclusions about you personally.

Furthermore, we use cookies when you visit our website and we also make use of analysis services. You can find more detailed explanations on this under sections 4 and 5 of this privacy statement.

b) When using our contact form

If you have questions of any kind, we offer you the opportunity to contact us using the form provided on the website. A valid e-mail address must be stated so that we know who sent the request and can respond to it. Further information can be provided voluntarily.

Your data will be processed for the purpose of contacting us on the basis of your voluntary consent.

The personal data collected by us so that you can use the contact form are stored for processing your enquiry and sent to us by e-mail.

3. Passing on information

Your personal data will not be passed on to third parties for purposes other than those listed below.

We only pass your data on to third parties if:

  • You have expressly consented to this in accordance with Art. 6 GDPR,
  • A statutory obligation exists to transfer aforesaid data in accordance with Art. 6 GDPR, and
  • This is legally permissible and required under Art. 6 GDPR so that we can process contractual relationships with you.

4. Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do no damage to your end device, do not contain viruses, trojans or other malware.

Information is stored in the cookie that is accrued in each case in connection with the terminal device specifically used. However, this does not mean that we immediately gain knowledge of your identity.

We use cookies on the one hand to make it more convenient for you to use our offerings. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our website.

We also use temporary cookies that are aimed at optimizing user-friendliness and are stored on your end device for a specified period of time. If you visit our site again in order to use our services, they automatically recognize that you have already visited us before and what entries and settings you have made so that you do not have to enter them again.

Secondly, we use cookies to statistically record the way in which our website is used and evaluate this for the purposes of optimizing our offerings (see section 5). These cookies enable us to automatically recognize that you have already visited us once before when you return to our site. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 GDPR.

Most browsers automatically accept cookies. However, you can configure your browser to prevent cookies from being stored on your computer or to always have a message appear before a new cookie is created. Please note you might not be able to use all the functionalities of our website if you completely deactivate the cookies.

5. Tools und APIs

a) Tracking tools

The tracking tools listed below and used by us are carried out on the basis of Art. 6 GDPR. By using these tracking tools, we want to ensure that our website is designed to meet your needs and that it is continually optimized. We also use the tracking tools to statistically record the use of our website and evaluate this for the purpose of optimizing our offerings. These interests are deemed legitimate within the meaning of the aforementioned regulation.

To ensure optimal use of our website, our website uses Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To deactivate Google Analytics, Google provides a browser plug-in under tools.google.com/dlpage/gaoptout. Google Analytics uses cookies. These are small text files that make it possible to store specific information relating to the user on the user's terminal device. These enable Google to analyze the way in which our website offerings are used. The information collected by the cookie about how our website is used (including your IP address) is usually transferred to a Google server in the USA and stored there. We wish to point out that the code “gat._anonymizeIp();” has been added to Google Analytics on this website to ensure anonymous collection of IP addresses (so-called IP masking). If this anonymization is activated, Google abbreviates IP addresses within member states of the European Union or other signatory states to the Agreement on the European Economic Area so that no conclusions can be drawn about the user’s identity. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google complies with the privacy provisions under the Privacy Shield agreement and is registered with the Privacy Shield program of the US Department of Commerce; it uses the information collected to evaluate and prepare reports on the use of our website and to provide us with other related services. You can find out more under www.google.com/intl/de/analytics/privacyoverview.html.

b) Google Maps

This website uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on how this data is transmitted.

Google Maps are used in the interests of attractively presenting our online offerings and making it easy for you to locate the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 GDPR.

You can find out more about how user data is handled by reading Google's privacy statement: www.google.de/intl/de/policies/privacy/.

c) Web fonts of Fonts.com

This site uses so-called web fonts provided by Fonts.com to ensure a uniform display of the typefaces. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, the browser you are using must link up with Fonts.com's servers. In this way, Fonts.com establishes that our website has been accessed via your IP address. The use of the web fonts of Fonts.com is done in the interests of ensuring a uniform and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

If your browser does not support web fonts, a default font is used by your computer.

For more information about the web fonts of Fonts.com, see www.monotype.com/legal/privacy-policy.

6. Rights of persons concerned

You have the right

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of processing your personal data, the category of personal data, the category of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to have your personal data corrected, deleted, to restrict or object to its processing, the existence of a right of appeal, to establish the provenance of your data if said data has not been collected by us, as well as the existence of automated decision-making tools including profiling and, where applicable, meaningful information on details of aforesaid;
  • in accordance with Art. 16 GDPR to demand the immediate correction of incorrect or the completion of personal data stored by us;
  • in accordance with Art. 17 GDPR to demand the deletion of your personal data stored by us provided the processing of said data is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of said data, if the processing is unlawful but you refuse the deletion of said data and we no longer require said data but you require it in order to assert, exercise or defend legal claims or if you have filed an objection to the processing pursuant to Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, customary and machine-readable format or to request its transfer to another responsible person;
  • in accordance with Art. 7 (3) GDPR, to revoke to us your once-given consent at any time. This means that in future we will no longer be allowed to continue processing data that was based on this consent; and
  • in accordance with Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work.

7. Right of objection

Provided your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR provided there are reasons for this arising from your particular situation.

If you would like to make use of your right of revocation or objection, simply send an e-mail to info(at)change-factory.de.

8. Data integrity

For visits to our website, we use the SSL certificates of Let's Encrypt.

This is a technology based usually on a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether a particular page of our website is transmitted in encrypted form by the closed display of the key symbol or the lock symbol in the address line of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. Current status and amendment of this privacy statement

This privacy statement is currently valid as of May 2018.

As a result of further developing our website and aforementioned offerings or changes in legal or official requirements, it may become necessary to amend this privacy statement. You can access and print out our current privacy statement at any time on the website at www.change-factory.de