Data protection

Privacy Policy for the Changepoint Group

Data protection

In the following, we would like to inform you about the processing of personal data in line with the usage of our internet pages. Under Article 4 of the General Data Protection Regulation (GDPR), “personal data” is any information relating to an identified or identifiable natural person (‘ affected person ‘). Identifiable is a natural person who identifies directly or indirectly, in particular by assigning it to an identifier such as a name, to a identification number, to location data, to an online identifier or to one or more special features The expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. The legal basis for data protection can be found in the new Federal Data Protection Act (BDSG-new) and the General Data Protection Regulation (GDPR).

Data Controller

Changepoint Verwaltungs GmbH (Great Elbstraße 42, 22767 Hamburg) is responsible for this website.

Further information about our company and the authorised representatives can be found in our imprint on our website:

What data is being processed?

Legal basis of data processing

In order to be able to offer you our website and related services, we process personal data on the basis of the following legal bases:

  • Consent (Article 6 (1) lit. a) GDPR)
  • to fulfil contracts (Article 6 (1) lit. b) GDPR
  • on the basis of a balance of interest (Article 6 (1) lit. f) GDPR)
  • to comply with a legal obligation (Article 6 (1) lit. c) GDPR)

We will refer to the relevant terms in connection with the respective processing, so that you can classify the basis on which we process personal data.

If personal data is processed by you on the basis of your consent, you have the right to revoke your consent at any time with effect for the future towards us.

If we process data on the basis of a balance of interests, you as a concerned event have the right to object to the processing of the personal data, taking into account the requirements of Article 21 of the GDPR.

Access data

When you visit our website, personal data is processed in order to be able to show you the contents of the website on your device.

In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. In addition, there is more information about the browser of your device. The data is also used to identify and correct errors on the website.

We are also obliged under data protection law to ensure the confidentiality and integrity of the personal data processed with our IT systems.

For this purpose and from this interest, the following data are logged on the basis of a balance of interests:

  • Anonymized IP address of the calling computer (for a maximum of 5 days)
  • Operating system of the calling computer
  • Browser version of the calling computer
  • Name of the file retrieved
  • Date and time of retrieval
  • amount of data transferred
  • referring URL

The anonymized IP address will be deleted from all systems used in connection with the operation of these websites at the latest by five days at the latest.

The data is also used to identify and correct errors on the website.


Cookies are used on our website. Cookies are small text information that is stored in your device via their browser. The cookies are necessary to enable certain functions of our website.

We use session cookies, which are automatically deleted from your browser immediately after the end of the visit to the website.

You can prevent cookies from being set by setting cookies in your browser. However, we would like to point out that the use of our website may then be limited. Cookies do not install or launch programs or other applications on your computer.

Cookies are used on the basis of a balance of interests. Our interest is the user-friendly visit to our website.

Google Webfont

We use so-called Google web fonts on our website. In the process, fonts are loaded from Google servers that better design the website. Data processing is based on a balance of interests, and our interest is in an appealing design of the website.

The fonts in question are loaded from servers of Google, which are usually located in the United States. The appropriate level of data protection is guaranteed by Google (list entry “Privacy Shield”).

Online presence on social media

We maintain online presence within social networks and platforms to communicate with customers, prospects and users who are active there. We inform our customers there about services. The terms and conditions and data processing policies are based on the respective operators of the respective networks when they call.

We only process users ‘ data when they communicate with us within the social networks. This would be the case if users write posts or send us messages on our online stores.

Use of Doubleclick Ad Exchange

This website uses the online marketing tool Doubleclick. As soon as Doubleclick Ad Exchange, a web ad service of Google Inc., USA (“Google”), displays advertisements (text ads, banners, etc.) on this website, your browser may store a cookie sent by Google Inc. or third parties. The stored information can be recorded, collected and evaluated by Google Inc. or even third parties. In addition, the Doubleclick Ad Exchange also uses so-called “WebBeacons” (small invisible graphics) for the collection of information, through which simple actions such as visitor traffic on the website can be recorded, collected and evaluated. The information generated (through Cookie and/or WebBeacon) about your use of this website is transmitted to a Google server in the USA and stored there as well. To evaluate their usage behavior with regard to Doubleclick Ad Exchange ads, Google uses the information it receives. This information may also be transferred to Google to third parties if required by law or if third parties process this data on behalf of Google.

If IP addresses are transmitted and stored in this context, this will only take place for the fight and filtering of spam/ic scams (ad impressions-spam and click spam).

This data is only accessible to anti-abuse teams. Google does not associate the IP address with other data stored by Google.

You can prevent cookies from being stored on your hard drive and web beacons from being displayed. To do this, you must choose “do not accept cookies” in your browser settings (in Internet Explorer under “Extras/Internet Options/Privacy/Settings,” in Firefox under “Extras/Settings/Privacy/Cookies”).

Google Re/Marketing Services

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer) in accordance with Article 6 (1) lit. (F) We GDPR, we use Google LLC’s marketing and remarketing services (Google Marketing Services), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection law

Google marketing services allow us to display ads for and on our website in a more targeted way. This presents users with ads that potentially suit their interests. “Remarketing” is referred to when, for example, a user is shown ads for products they have been interested in on other websites.

For these purposes, when our and other websites are active on Google, a code from Google is executed directly by Google and so-called (re) marketing tags (invisible graphics or code, also known as “web beacons”) in The website is integrated. This stores an individual cookie, i.e. a small file, on the user’s device. The cookies can be set by various domains, including,,,, or This file shows which content the user is interested in and which website he has visited. It also notes which offers he has clicked, which referring websites, technical information about the browser and operating system, visiting time and other information about the use of the online offer.

Use of Google Adwords

We also use the Google Google advertising tool “Google Adwords” to promote our website. As part of this, we use the “conversion tracking” analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, “Google” on our website. If you have entered our website via a Google ad, a cookie will be stored on your computer. Cookies are small text files that your internet browser stores and stores on your computer. These so-called “conversion cookies” lose their validity after 30 days and do not serve your personal identification. If you visit certain pages of our website and the cookie has not expired yet, we and Google can recognize that you as a user have clicked on one of our ads placed on Google and have been forwarded to our site.

The information obtained with the help of the “conversion cookies” is used by Google to compile visit statistics for our website. Through this statistic, we learn the total number of users who clicked on our ad and which pages of our website were subsequently accessed by the respective user. However, we or other advertisers via “Google Adwords” do not receive any information that can be used to personally identify users.

You can prevent the installation of the “conversion cookies” by setting your browser accordingly, for example by setting a browser that generally deactivates the automatic setting of cookies or specifically blocks only cookies from the domain “”.

Google’s privacy policy may be retrieved using the following link:

Purposes of processing personal date

We process the aforementioned data for the operation of our website and for the fulfillment of contractual obligations towards our customers or for the safeguarding of our legitimate interests.

For inquiries outside an active customer relationship, we process the data for sales and advertising purposes. You may object to the use of your personal information for promotional purposes at any time.

SSL and/or TLS encryption

For security reasons and to protect the transfer of confidential content that you send to us as a site operator, our website uses an SSL or TLS encryption programm. This means that data that you transmit via our websites cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

Optional information

If you voluntarily provide data to us in forms and these are not required for the performance of our contract, we process the data in the legitimate assumption that the processing and use of this data is in your interest

Recipient/Disclosure of data

Data that you provide to us will not be passed on to third parties. In particular, your data will not be passed on to third parties for their advertising purposes.

However, we may use service providers for the operation of these Internet pages or for other products or services from us. Here it may happen that a service provider obtains knowledge of personal data. We select our service providers carefully – particularly with regard to data protection and data security – and take all measures required under data protection law for permissible data processing.

Data processing outside the European Union

If personal data are processed outside the European Union, you can see this in the previous remarks.


All necessary technical and organizational security measures to protect your personal data from loss and misuse are taken by us. Your data is stored in a secure operating environment that is not accessible to the public. Your data is encrypted during transmission by so-called Transport Layers Security (TLS). This means that communication between your computer and our servers takes place using a recognised encryption method.

Existence of automated decision-making

As a responsible company, we dispense with automatic decision-making or profiling.

Data protection officer


Your rights as data subject

You have the right to obtain information about your personal data. You can contact us for information at any time.

In the case of a request for information which is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have the right to correction or deletion or to restriction of the processing to the extent to which you are legally entitled to do so.

Finally, you have the right to object to the processing within the framework of the statutory provisions. The same applies to a right to data transferability.

Deletion of data

As a matter of principle, we delete personal data when there is no need for further storage. In particular, a requirement may exist if the data is still required in order to fulfil contractual services, to check and grant warranty and any warranty claims or to be able to defend against them. In the case of statutory retention obligations, deletion shall only be considered after expiry of the respective retention obligation.

Right of appeal to a supervisory authority.

You have the right to complain to a supervisory authority about the processing of your personal data by us. The responsible supervisory authority depends on the federal state of your residence, your work or the presumed violation.

Modification of this privacy policy

We will revise this Privacy Notice as we make changes to this Site or for any other reason that makes it necessary to do so. You will always find the current version on this website.

Supplementary data protection information for applicants

We are pleased that you are interested in us and are applying or have applied for a job in our company. In the following, we would like to provide you with information on the processing of your personal data in connection with your application.

Which of your data are processed by us and for which purposes?

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or any other open positions) and to complete the application process.

What is the legal basis for this?

Legal basis for the processing of your personal data in this application procedure is § 26 BDSG in the version valid from 25.05.2018. It allows the processing of the data required in connection with the decision to establish an employment relationship. Should the data be necessary for legal prosecution after completion of the application procedure, data processing may be carried out on the basis of the requirements of Art. 6 Para. (1) lit. f GDPR. , shall take place. Our interest then lies in the assertion or defence of claims. Further processing shall take place on the basis of Art. 6 Para. (1) lit. a an b GDPR.

How long is the data stored?

Data relating to candidates applying for internal posts shall be deleted after six months in the event of a refusal, provided that no other legitimate interests of the controller preclude such deletion.

If you have been accepted for a position as part of the application process, the data will be transferred to our personnel information system.

Data of applicants who apply for project-related positions will remain stored in our applicant pool for the entire duration of the placement, as is necessary for the fulfilment of the respective tasks in compliance with the statutory retention periods.

In addition, your data will be deleted after two years unless you have given us consent for further storage.

To which recipients will the data be forwarded?

We use a specially developed software solution for the application process.

Your applicant data will be reviewed by the personnel department after receipt of your application. Suitable applications are forwarded internally to the department heads for the respective open position. Then the further procedure is coordinated. As a matter of principle, only those persons within the company who need your data for the proper course of our application procedure have access to it.

We collect, store and process your transmitted personal data only to the extent necessary for the processing of inquiries or orders and you have previously consented. You have the right to revoke your consent at any time with effect for the future.

In order to provide you with the best possible support in your application efforts, we pass on your personal data to our affiliated company Mysupply Expertist Vertriebs GmbH in order to be able to check matching for other projects. Furthermore, your data will not be passed on to third parties without prior agreement. Any disclosure of data to third parties beyond the scope of consent will only take place if we are obliged to do so by mandatory statutory provisions or if you yourself determine this.

Where is the data processed?

Your applicant data will be processed exclusively in computer centres of the Federal Republic of Germany.

Consent Newsletter

With your application you have the possibility to subscribe to an e-mail newsletter on our website to inform you about new projects. In addition to the voluntary information in the respective form, we only process your e-mail address. However, this is also absolutely necessary.

In order to analyze the popularity of our newsletters and to optimize them, we log when e-mails are opened and links are clicked. This usage analysis is based on a weighing of interests. You can object to this processing by unsubscribing from the newsletter in order to be able to send you the newsletter.

Newsletter via CleverReach

We use the CleverReach component to send our newsletter. CleverReach is a service provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. Your data stored during newsletter registration (e-mail address, name, IP address if applicable, date and time of your registration) will be transferred to a server of CleverReach GmbH & Co. KG in Germany and stored there. You can view the data protection regulations of the shipping service provider under the following link: The legal basis for the appointment of the mail-order service provider is based on Art. 6 of the German Civil Code. para.1 lit.f) safeguard our legitimate interests and an order processing contract pursuant to Art. 28 para. 3 P.1 GDPR. The shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass on data to third parties. You can unsubscribe from the newsletter at any time. Alternatively you will find a link to unsubscribe in every newsletter e-mail.

What rights do you have?

As an applicant with us, you have the following data protection rights, depending on the situation in the individual case, for the exercise of which you can contact us or our data protection officer at any time.


You have the right to obtain information about your personal data processed by us and to request a copy of this data. This includes information on the purpose of the use, the category of data used, their recipients and authorised persons and, if possible, the planned duration of the data storage or, if this is not possible, the criteria for determining this duration.

Correction, erasure or limitation of processing

You have the right to demand from us immediately the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

Right of Withdrawal

If the processing is based on a consent, you have the right to revoke the consent at any time, without affecting the legality of the processing based on the consent until revocation. For this purpose you can contact us or our data protection officer at any time under the above data.

Right of erasure

You have the right to demand that we delete your personal data immediately. We are obliged to delete personal data immediately.

This does not apply if the processing is necessary:

  • Fulfil a legal obligation which requires processing under the law of the Union or of the Member States to which we are subject.
  • Assertion, exercise or defence of legal claims.