Change Lightly - Turnaround & Transformation Management

#ProudlyEngineeredInEurope

Book appointment

Privacy Policy

BACK

For CHANGE LIGHT‑LY, the protection of personal data is the foundation of a trustworthy collaboration. Therefore, CHANGE LIGHT‑LY complies with all applicable data‑protection laws and continuously strives to improve data protection. CHANGE LIGHT‑LY is the responsible party for processing personal data on these websites under the German Federal Data Protection Act (“BDSG”) and the European General Data Protection Regulation (GDPR).

  1. Data Protection at a Glance

General Information
The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data are any data that can identify you personally. Detailed information on data protection can be found in the privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the “Information about the responsible party” section of this privacy policy.

How do we collect your data?
Your data are collected partly because you provide them to us—for example, when you fill out a contact form.

Other data are captured automatically—or with your consent—by our IT systems when you visit the site. This mainly includes technical data (e.g., web browser, operating system, time of page view). The collection occurs automatically as soon as you enter the website.

What do we use your data for?
Some data are gathered to ensure the website runs flawlessly. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right at any time, free of charge, to obtain information about the origin, recipients and purpose of your stored personal data. You also have the right to request correction or deletion of those data. If you have given consent to data processing, you may withdraw that consent at any time for the future. Under certain circumstances you may also request restriction of processing of your personal data. Additionally, you have the right to lodge a complaint with the competent supervisory authority.

For this and any other data‑protection questions you may contact us at any time.

Hosting

We host the content of our website with the following provider:

Greenmark IT GmbH
Leinstraße 3
31061 Alfeld (Leine)
Germany

(Hereafter “Greenmark”)

When you visit our website, GREENMARK records various log files, including your IP addresses. Details can be found in GREENMARK’s privacy policy: https://www.do.de/agb/datenschutz/

GREENMARK processes the data on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If consent is obtained, processing is solely based on Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent covers cookie storage or access to information on the user’s device (e.g., device‑fingerprinting) under TTDSG. Consent can be withdrawn at any time.

  1. General Notices and Mandatory Information

Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data‑protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data that can identify you personally. This privacy policy explains which data we collect and why we use them, as well as how and for what purposes this occurs.

We point out that data transmission over the internet (e.g., email communication) can have security gaps. Complete protection of data from third‑party access is not possible.

Notice about the Responsible Party
The responsible party for data processing on this website is:

CHANGE LIGHT‑LY
Colditzstraße 33
12099 Berlin
Germany

Email: info@change-lightly.eu

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses).

Retention Period
Unless a more specific retention period is stated in this privacy policy, your personal data remain with us until the purpose for processing ceases. If you assert a legitimate right to erasure or withdraw consent, your data will be deleted unless we have other legally permissible reasons to retain them (e.g., tax or commercial retention periods); in the latter case, deletion occurs once those reasons no longer apply.

General Information on the Legal Bases for Processing on This Website
If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR when special categories of data under Article 9(1) GDPR are processed. If you expressly consent to transferring personal data to third countries, processing also relies on Article 49(1)(a) GDPR. If you have consented to cookie storage or access to information on your device (e.g., device‑fingerprinting), processing additionally rests on § 25(1) TTDSG. Consent can be withdrawn at any time. When your data are necessary for contract performance or pre‑contractual measures, we process them under Article 6(1)(b) GDPR. We also process data when required to fulfil a legal obligation under Article 6(1)(c) GDPR. Processing may further be based on our legitimate interest under Article 6(1)(f) GDPR. The specific legal bases applicable in each case are explained in the following sections of this privacy policy.

Recipients of Personal Data
In the course of our business we work with various external parties. Sometimes a transfer of personal data to these external parties is required. We disclose personal data to external parties only when it is necessary for contract fulfilment, when we are legally obliged (e.g., reporting to tax authorities), when we have a legitimate interest under Article 6(1)(f) GDPR, or when another legal basis permits the transfer. When using sub‑processors, we share customers’ personal data only under a valid data‑processing agreement. In the case of joint processing, a joint‑controller agreement is concluded.

Revocation of Your Consent to Data Processing
Many processing activities are only possible with your explicit consent. You may withdraw any previously given consent at any time. The legality of processing that occurred before withdrawal remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art.21 GDPR)
IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(e) OR (f) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING THAT RELIES ON THESE PROVISIONS. THE LEGAL BASIS FOR EACH PROCESSING ACT IS SET OUT IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPULSORY PROTECTIVE REASONS THAT OVERWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THAT THE PROCESSING IS NECESSARY FOR THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ARTICLE 21(1) GDPR).

WHEN YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO COVERS PROFILING THAT IS LINKED TO DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NOT BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ARTICLE 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority
In case of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the location of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.

Right to Data Portability
You have the right to receive, in a commonly used, machine‑readable format, the data we process automatically on the basis of your consent or in fulfillment of a contract, and to transmit them to yourself or a third party. If you request direct transmission of the data to another controller, this will be done only where technically feasible.

Access, Rectification and Deletion
Under applicable law you have the right at any time, free of charge, to obtain information about your stored personal data, their origin, recipients and the purpose of processing, and, where applicable, to request correction or deletion. For this and any other questions concerning personal data you may contact us at any time.

Right to Restriction of Processing
You have the right to request restriction of processing of your personal data. You may exercise this right at any time by contacting us. Restriction applies in the following cases:

  • If you dispute the accuracy of the personal data we store, we generally need time to verify it. During the verification period you may request restriction of processing.
  • If the processing of your personal data was/has been unlawful, you may request restriction instead of deletion.
  • If we no longer need your personal data but you require it for the assertion, defence or enforcement of legal claims, you may request restriction instead of deletion.
  • If you have lodged an objection under Article 21(1) GDPR, a balancing of your interests against ours must be performed. Until it is clear whose interests prevail, you may request restriction.

When processing is restricted, the data may be used only with your consent or for asserting, exercising or defending legal claims, protecting the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.

SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries you send to us as site operators), this site uses SSL/TLS encryption. You can recognise a secure connection by the address bar changing from “http://” to “https://” and by the padlock icon in your browser.

When SSL/TLS encryption is active, the data you transmit to us cannot be read by third parties.

  1. Data Collection on This Website

Consent with Usercentrics
This website uses Usercentrics’ consent technology to obtain your consent for storing certain cookies on your device or for employing certain technologies, and to document that consent in a GDPR‑compliant way. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereafter “Usercentrics”).

When you enter our site, the following personal data are transferred to Usercentrics:

  • Your consent(s) or withdrawal thereof
  • Your IP address
  • Browser information
  • Device information
  • Timestamp of your visit
  • Geolocation

Usercentrics also places a cookie in your browser to associate the consents you gave (or withdrew). These data are retained until you request deletion, delete the Usercentrics cookie yourself, or the purpose for storage ends. Mandatory legal retention obligations remain unaffected.

The Usercentrics banner on this site was configured using eRecht24, recognizable by the eRecht24 logo displayed. To display the logo, a connection to eRecht24’s image server is made, which also transmits the IP address (stored only in anonymised form in server logs). The image server is located in Germany, operated by a German provider. The banner itself is supplied exclusively by Usercentrics.

Usercentrics is used to obtain the legally required consents for employing certain technologies. The legal basis is Article 6(1)(c) GDPR.

Data Processing Agreement
We have concluded a data‑processing agreement (AVV) for the use of the above service. This contract ensures that the provider processes the personal data of our website visitors only under our instructions and in compliance with the GDPR.

Contact Form
When you submit inquiries via our contact form, the information you provide—including your contact details—is stored for handling the request and any follow‑up questions. We do not share these data without your consent.

Processing is based on Article 6(1)(b) GDPR when your inquiry relates to contract performance or pre‑contractual measures. In all other cases, processing relies on our legitimate interest in efficiently handling incoming requests (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), which may be withdrawn at any time.

The data entered in the contact form remain with us until you request deletion, withdraw consent to storage, or the purpose for storage ends (e.g., after your request has been fully handled). Mandatory legal provisions—especially retention periods—remain unchanged.

Inquiries by Email, Phone or Fax
If you contact us by email, phone or fax, the request—including any personal data contained (name, inquiry, etc.)—is stored and processed for handling your matter. We do not share these data without your consent.

Processing is based on Article 6(1)(b) GDPR when the inquiry relates to contract performance or pre‑contractual steps. Otherwise, it is based on our legitimate interest in efficiently handling inquiries (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), which can be withdrawn at any time.

The data you send to us remain with us until you request deletion, withdraw consent to storage, or the purpose for storage ends (e.g., after your request is completed). Mandatory legal provisions—particularly statutory retention periods—remain unchanged.