We take privacy at Changers very seriously and would like to inform below about the nature, scope and purpose of the processing of personal data (hereinafter “data”) when using our Changers offer.
2. Provider and contact person
Responsible for the collection, processing and use of personal data as part of the Changers platform deployment:
D-10623 Berlin, Germany
Managing director: Daniela Schiffer
District Court Charlottenburg HRB 185884 B
VAT ID. DE 282 11 63 39
3. Collection, processing and use of personal data for the operation of Changers platform
3.1 Use of the Changers CO2 fit platform and services
With the help of our Changers CO2 fit offers, distances travelled can be recorded according to your mobility type. These are running, cycling, the use of public transport, cars or planes. For sustainable mobility types such as running, cycling and using public transport, you’ll get rewarded with Changers bonus points. In addition, you can record sustainable and healthy activities in the categories of Healthy Nutrition, Sport and Exercise, Prevention and Seminar and Sustainability and thus also earn bonus points (ReCoins). Depending on the offer of your employer, you can use these bonus points to buy coupons for bonuses in the app or to take part in raffles. In addition, the participation of employees can be combined with individual donation projects or tree planting projects. We host walking and cycling competitions and you can playfully measure yourself with your colleagues. The teams are determined by your company in advance and you can join them or not.
All information in the Changers App and on the Challenge Microsite is voluntary and processing of this data only takes place at your explicit consent.
The Blacksquared GmbH can contact you via Push-Notification or Newsletter, while you are logged in with your user account, for example to inform you about the winners of the last challenge, if you have planted a tree, purchased a lot or voucher or in order to provide you with recommendations and suggestions for the further use of Changers. For this purpose, you need to explicitly confirm the receipt of push notifications in the settings of your device and an email address has been provided. This kind of contact is also made exclusively within the framework of and during the period of use of the Changers App or Challenge Microsite.
3.2 General explanations
In order to use the Changers CO2 fit app or a company challenge microsite, you must create an account with Changers and register successfully with a name and email address.
We will not share your personal data with third parties. Excluded from this are exclusively our service and contracting partners who are employed in the course of the execution of the contractual relationship and companies that serve Blacksquared GmbH as a cooperation partner. Since the anonymization of your data is as such a processing of your personal data, we would like to obtain your permission to do so with this declaration.
3.3 Registration information and other personal information of users
If you register as a user of the Changers app, you will need to provide us with an e-mail address that will serve as a login ID, name and surname, and a secret password that will be stored in our system ( “registration information”). In order to use the full functionality of the services, you may also provide additional personal details such as a profile picture, your location, your gender and date of birth.
Setting up a user account and using the Changers platform is also possible using a pseudonym. Thus, the username for the registration can be chosen freely and does not have to match the actual name of the user. By registering in the app, we store your account data and date and time of your registration on the servers of our service provider Domain Factory, based in Cologne, Germany.
3.3.1 Registration via a company challenge microsite
For participants of an operational CO2 Challenge, it is also possible to register without a smartphone and to use Changers services. Here the corresponding registration information is collected via a company challenge microsite (https://company.changers.com), whereby the user must enter the e-mail address, name, last name as well as a secret password.
3.4 Collection of location and movement data by the Changers app (tracking)
The Changers app allows users to collect data about their use of more or less CO2-saving means of transport for certain routes and to evaluate the carbon footprint of such activities (CO2 Challenge). The personal data will be used to validate the journeys travelled in the corresponding mobility type and to calculate the bonus points (ReCoins) to be awarded.
The Changers App uses among others GPS and locating services of the respective mobile devices or the navigation software used by the smartphones to determine the respective current location of the users, to measure the distance covered and to verify the information provided by the users means of transport by comparing with maps and other publicly available data.
3.4.1 How to measure the distances traveled?
There are five different ways to measure our journeys for your employees:
Manual tracking with the app.
The user selects a corresponding mobility icon on the home screen of the app. By clicking on the start button the distance measurement via GPS is started. After the respective distance has been covered, the measurement must be terminated by pressing the Stop button. The screen shows the kilometers covered, the average speed, the CO2 balance and the earned bonus points.
Semi-automatic tracking via pedometer and Health App / Google Fit
The pedometer integrated in the smartphone is connected to the Changers CO2 fit app. The Changers app receives the number of steps recorded by the smartphone and calculates the distance traveled. All other types of mobility will continue to be recorded manually as described under point 1 and 5. On Apple iPhones, we use the connection to the Apple Health App and record steps, distance and bike rides. On Android phones, we offer all users who have also downloaded the Google Fit app the ability to track steps, distance and cycling through the Google fit app and sync with the Changers app.
Integration of Fitness Trackers
Existing third-party fitness trackers can be connected to the Changers CO2 fit app. Changers supports the systems of Garmin, Fitbit, Jawbone and Misfit, whose devices are controlled via a proprietary app. The Changers CO2 fit app receives the number of steps and calculates the distance traveled from the fitness tracker app. Furthermore, depending on the feature set of the third party source, the kilometers cycled and the number of floors climbed can be synced with Changers. All other types of mobility will still be recorded manually, as described in 1 and 5.
Fully automatic tracking
There are two options for the automatic tracking of all your journeys in the Changers CO2 fit App:
You can track all the distances covered, whether by bike or motorized by bus, train, car or plane.
If you like cycling with a Garmin watch or your favorite app such as Strava or Endomondo, then you can also use the “only track motorized mobility option, this means all your bus and train rides, car rides and flights are automatically measured.
We use the technology from MotionTag to measure all your journeys.
With the help of machine learning, MotionTag develops intelligent mobility solutions, that measure mobility data in real time and differentiate mobility types. This technology is also used, for example, in apps by transport companies for smart ticketing. The collected data can be used by MotionTag to map, for example, anonymous and cumulative traffic metrics such as a modal split or a heat map of all traveled distances in a region. In this way, transport infrastructure projects can be better adapted and planned to meet the actual needs of travelers. MotionTag is a German company based in Potsdam and hosts and processes the data in Germany in accordance with the provisions of the German Consumer Protection Act (GDPR).
Manual Entry of Motorized Mobility Types in the Changers CO2 fit App
In the Changers CO2 fit app, it is also possible to record distances by car, train and plane either by entering a total distance in kilometers or by selecting a start and arrival location.
Manual entry of journeys via the Challenge Microsite
All employees have the option to manually add activities via the challenge microsite company.changers.com. For the data storage in third-party devices, apps and portals such as fitness trackers, fitness watches or fitness apps, the privacy conditions of the respective manufacturer always apply. Also, the privacy conditions of the operator of the respective app store may be relevant. The operator wants to give the user full control over his or her personal data. The legal claim of the user for information, correction and deletion of data remains unaffected. The deletion of the user’s personal mobility data does not include the aggregated and anonymized data collected by the operator to collect statistics on collective mobility data and CO2 savings of the Changers community.
3.4.2 How are Mobility Types differentiated?
The measurements of the routes take place in the smartphone. For this purpose, we have defined parameters that the smartphone queries after the distance has been measured. These include speed and acceleration values, which distinguish running and cycling in particular from the use of motorized vehicles. If the app detects a supposed cheating, a friendly hint is displayed, to manually assign the journey just recorded to another mobility type more suitable for the values or completely discard it.
3.5 Which data do the participating companies receive?
On the company challenge website and on the administration interface for participating organizations, we provide an overview of up to date information and evaluations of activities in the ongoing challenge. We only show cumulated data is passed on cumulatively. We exclude the disclosure of data of individual employees to third parties.
The results are provided for the entire company and for individual teams and include:
3.6 Contact via our contact form or helpdesk
If you would like to contact us via the contact form on our website, we use your first and last name, your e-mail address and your message sent to us to process your request according to. Art. 6 para. 1 lit. b) GDPR. There is no link to the data collected in the app. Your information can be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.
We use the CRM system “Helpdesk”, from the provider Zendesk, Inc.-1019 Market St, San Francisco, CA 94103, USA) based on our legitimate interests (efficient and fast processing of user requests). For this purpose, we have entered into a contract with Zendesk with so-called standard contractual clauses, in which Zendesk commits itself to processing user data only in accordance with our instructions and compliance with the EU data protection standard. Zendesk is also certified under the Privacy Shield Agreement, providing an additional guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active).
We will delete requests if they are not needed anymore. We check the necessity every two years; We permanently store inquiries from customers who have a customer account, and refer to the deletion on the details of the customer account. In the case of legal archiving obligations, the deletion takes place after its expiration (end of commercial law (6 years) and tax law (10 years) retention obligations).
If you subscribe to our newsletter, we will save your e-mail address and optionally your name for the personal address and use it to send the newsletter. Your e-mail address will not be published or disclosed to third parties.
You can unsubscribe from our newsletter at any time via a link included in each issue. We will delete your e-mail address from our mailing list.
3.7.1 Shipping Providers
4. Legal bases
4.1 Collaboration with processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (ie. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (ie. the use of agents, webhosters, etc.).
If we commission third parties to process data on the basis of a so-called “contract processing contract”, this is done on the basis of Art. 28 GDPR.
4.2 Transfers to third countries
If we process data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. That manes, that the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (ie. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
4.3 Cookies & reach measurement
Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use “session cookies” that are only stored for the duration of the current visit to our online presence (for example, to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save any other data. Session cookies will be deleted if you have finished using our online offer and you have e.g. log out or close the browser.
If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
4.4 Collection of access data and log files
Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR we collect data about every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider ,
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
4.5 Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with customers, prospects and active users and to inform them about our services. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
4.6 Google Analytics
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The Changers CO2 fit app uses Google Analytics for mobile apps, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA, “Google”). Google Analytics for mobile apps collects anonymous metrics that enable you to analyze how this app is used. Google Analytics for mobile apps uses unique identifiers of the device for the recognition of terminal devices, which are transmitted only anonymously. IP addresses are only processed in anonymous form. The information about the use of this app is usually transmitted to a Google server in the US and stored there. You can always turn off the tracking of analytics services like Google Analytics in the app settings.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.
We use Google Analytics to display advertisements posted within Google and its affiliate advertising services, only to users who have shown an interest in our online offering or who have certain characteristics (ie, interest in specific topics or products on hand) visited websites), which we submit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With Remarketing Audiences, we also want to make sure that our ads are in line with the potential interest of users and are not annoying.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address provided by the user’s browser will not be merged with other Google data. Users can prevent cookies from being stored by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of such data by Google by downloading and installing the browser plug-in available under the following link: (https: //tools.google.com/dlpage/gaoptout?hl=de).
Weitere Informationen zur Datennutzung durch Google, Einstellungs- und Widerspruchsmöglichkeiten erfahren Sie auf den Webseiten von Google: https://www.google.com/intl/de/policies/privacy/partners (“Datennutzung durch Google bei Ihrer Nutzung von Websites oder Apps unserer Partner”), https://policies.google.com/technologies/ads (“Datennutzung zu Werbezwecken”), https://adssettings.google.com/authenticated (“Informationen verwalten, die Google verwendet, um Ihnen Werbung einzublenden”).
For more information about Google’s data usage, hiring and opt-out options, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“Google’s use of your data when you use websites or apps our partners”), https://policies.google.com/technologies/ads (“Advertising Usage Data”), https://adssettings.google.com/authenticated (” Managing Information Using Google, to show you advertising “).
On the basis of our legitimate interests (ie. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we use the marketing and remarketing services (in short “Google Marketing Services”), of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allows us to better target advertisements for and on our website so that we only present to advertisers ads that are potentially in their interests. If we show ie. ads of a product he or she has been interested in on other websites, this is called “remarketing”.
For these purposes, when Google and our or other websites that use Google Marketing Services are activated, Google will immediately execute a Google code and become so-called (re) marketing tags (invisible graphics or code, also known as “Web Beacons”) incorporated into the website. With their help, the user is provided with an individual cookie, this means a small file (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which web pages the user visited, for what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring web pages, visit time and other information on the use of the online offer.
The IP address of the users is also recorded, whereby in the context of Google Analytics we announce that the IP address is shortened within the member states of the European Union or in other contracting states of the European Economic Area and only in exceptional cases completely transferred to a Google server in the US and shortened there. The IP address will not be merged with data of the user within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user then visits other websites, they can be displayed according to his interests, the ads tailored to him.
Also we can use the service “Google Optimizer”. Google Optimizer allows us to understand how various changes to a website (such as changes to the input fields, the design, etc.) can take place in so-called “A / B testings”. Cookies are stored on users’ devices for these purposes. Only pseudonymous data of the users are processed.
In addition, we may use the “Google Tag Manager” to integrate and manage the Google Analytics and Marketing Services on our website.
If you wish to opt-out of interest-based advertising through Google Marketing Services, you can use Google’s recruitment and opt-out options: https://adssettings.google.com/authenticated.
4.8 Integration of services and contents of third parties
Based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as videos or fonts (collectively referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, since they can not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content.
Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit time, and other information regarding the use of our online offer.
The following presentation provides an overview of third-party providers as well as their contents, as well as links to their data protection statements, which contain further information on the processing of data and, for already mentioned here, contradictory possibilities (so-called opt-out) contain:
If our customers use the payment services of third parties (for example, PayPal or Sofortüberweisung), the terms and conditions and the privacy notices of the respective third party, which are available within the respective websites, or transactional applications.
4.9 Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is not mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing to perform our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as legal basis.
4.10 Revocation, changes, corrections and updates
As a user, you have the right, upon request, to receive information free of charge about the personal data that has been stored about you. In addition, you have the right to correct inaccurate data, as well as the blocking and deletion of your personal data, as far as no legal duty from our side stand against. You can find our contact details here (https://changers.com/imprint.html).
4.11 Safety measures
We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation.
In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).
The security measures include, in particular, the encrypted transfer of data between your browser and our servers, and between the mobile apps and our servers.
4.12 Data Protection Officer
Our data protection officer for Blacksquared GmbH is:
You can contact our company data protection officer by mail to:
Personal / confidential
D-10623 Berlin, Germany