Privacy Policy

This privacy policy provides information about the processing of personal data when using our websites atwecreateatmosphere.com, in particular the sales websitesales.wecreateatmosphere.com, as well as the customer portal available there.

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

atmosphere GmbH
Im Mediapark 5b
50670 Cologne
Germany

Phone: +49 221 126 116 92
Email:atmosphere

2. Purposes and Legal Basis for Processing

We process personal data to the extent necessary, in particular for the following purposes:

Website Hosting and Security

We process technical data to provide our website, ensure its stability and security, analyze errors, and prevent misuse. In particular, server and access logs may be processed for this purpose.

Legal basis: Article 6(1)(f) of the GDPR

Processing Contact Requests

When you contact us via a contact form, by email, or by phone, we process the data you provide to handle your inquiry and communicate with you.

Legal basis: Article 6(1)(b) of the GDPR, insofar as the request relates to a contract or pre-contractual measures; otherwise, Article 6(1)(f) of the GDPR.

Customer Portal / Login

We provide a customer portal for customers with atmosphere365 active atmosphere365. In this context, we process account, login, and master data in particular, to the extent necessary for the provision and use of the portal.

Legal basis: Article 6(1)(b) of the GDPR

Security and Authentication Protocols in the Portal

To secure the customer portal, we process login and logout transactions, failed login attempts, and similar security events.

Legal basis: Article 6(1)(f) of the GDPR

Embedded videos

Videos may be embedded on our website and in the customer portal, for example via Vimeo. When you access or play embedded videos, personal data—such as your IP address, device information, browser information, referrer URL, and information about your video usage—may be transmitted to the respective video service.

To the extent that embedded videos are loaded only after consent has been given or the user has taken active action, the processing is based on Article 6(1)(a) of the GDPR and, where necessary, Section 25(1) of the TDDDG. If videos are technically necessary for the provision of a specifically requested function, the processing may be based on Article 6(1)(f) of the GDPR.

Multilingual website via Weglot

We use Weglot to provide our website in multiple languages. When you visit translated pages, technical data may be processed in order to display the appropriate language version and to enable the translation feature.

Legal basis: Article 6(1)(f) of the GDPR

Marketing, Audience Measurement, and Conversion Tracking

We use marketing and tracking technologies—only with your consent—including, in particular, theLinkedIn Insight Tag. This allows us to measure the effectiveness of our LinkedIn advertising campaigns, analyze website visits following ad clicks, track conversions, and create audiences for retargeting on LinkedIn.

Legal basis: Article 6(1)(a) of the GDPR. In addition, your consent is required under Section 25(1) of the TDDDG for the storage of information on your device or access to information stored on your device. According to Section 25(1) of the TDDDG, the storage of information on the end device or access to information stored there is generally only permitted with consent. (Laws on the Internet)

3. Categories of processed data

Depending on how you use our website and services, we process the following categories of personal data in particular:

  • Contact and communication information, such as name, email address, phone number, and message content

  • Account and master data in the customer portal, such as name, email address, phone number, address, and role information

  • Security and authentication data, such as login and logout times, and failed login attempts

  • Server and access logs, e.g., IP address, timestamp, requested URL, HTTP status, referrer, user agent

  • Usage and interaction data, to the extent that you have consented to marketing or tracking technologies, such as page views, referrer URLs, device and browser information, timestamps, and interactions with our website

  • Language and technical usage data related to the provision of multilingual website versions

4. Cookies and Similar Technologies

We use cookies and similar technologies to the extent necessary for the technical operation of the website and the customer portal, particularly for login, security, and session functions.

In addition, we only use marketing and tracking technologies if you have given your prior consent. This includes, in particular, theLinkedIn Insight Tag. You can give your consent, decline, or withdraw it later via our consent banner.

The LinkedIn Insight Tag enables us to measure the effectiveness of our LinkedIn advertising campaigns, analyze website visits following ad clicks, track conversions, and create audiences for retargeting on LinkedIn. In particular, information such as page views, referrer URLs, IP addresses, device and browser information, and timestamps may be processed. Under data protection law, the LinkedIn Insight Tag is classified as a relevant tracking tool; expert sources indicate that it should be listed in the privacy policy and generally integrated on a consent-based basis. (eRecht24)

You can withdraw your consent at any time via the cookie or consent settings, effective for the future.

5. LinkedIn Insight Tag

We use theLinkedIn Insight Tagfrom LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, on our website.

The LinkedIn Insight Tag is a tracking code that helps us measure the effectiveness of our LinkedIn advertising campaigns. In particular, it allows us to:

  • tracking website visits following clicks on LinkedIn ads,

  • the analysis of conversions, such as visits to specific pages or contact requests,

  • the creation of target groups for retargeting,

  • analysis of campaign performance.

In particular, the following data may be processed:

  • URL and referrer URL,

  • IP address,

  • Device and browser properties,

  • Timestamp,

  • Information about page views and interactions with our website.

Processing is carried out solely on the basis of your consent. The legal basis is Article 6(1)(a) of the GDPR. In addition, your consent under Section 25(1) of the TDDDG is required for storing information on your device or accessing information on your device.

You can withdraw your consent at any time via the cookie or consent settings, effective for the future.

6. Recipients and Service Providers

We engage service providers who may process personal data on our behalf or on their own behalf. These include, in particular:

atmosphere , Ltd. (Ireland)

Operation and hosting of website and portal features, account and log data, monitoring, and remote technical support.

Hosting / Cloud Infrastructure

AWS and Scaleway European Cloud for hosting, infrastructure, storage, and technical service delivery.

Squarespace

Deployment and operation of the sales website, website hosting, content management, and technical delivery of the website.

Weglot

Provision of multilingual website versions and technical processing of content for translation and delivery of the language versions.

Vimeo

Video service for embedding videos on a website or in a customer portal.

LinkedIn Ireland Unlimited Company

Marketing, conversion tracking, campaign measurement, and retargeting via the LinkedIn Insight Tag.

TeamViewer

Remote support software, if used in specific cases.

Dropbox

Content Delivery / CDN or file delivery, if used.

To the extent that service providers process personal data on our behalf, they do so on the basis of a data processing agreement in accordance with Article 28 of the GDPR, where necessary.

7. Transfers to third countries

Depending on the service providers used, the processing of personal data outside the European Union or the European Economic Area cannot be completely ruled out.

When using services such as LinkedIn, Vimeo, Squarespace, AWS, Dropbox, or other technical service providers, data may be transferred to companies or server locations outside the EU or the EEA—particularly to the United States—or such a transfer cannot be ruled out.

Where necessary, we ensure appropriate safeguards, in particular EU Standard Contractual Clauses and additional protective measures.

8. Retention Period and Deletion

We delete personal data as soon as it is no longer necessary for the purposes of processing and there are no legal retention requirements that prevent us from doing so.

As of now, the following deadlines apply in particular:

  • Server/access logs: up to 90 days

  • Security and authentication logs in the customer portal: up to 12 months

  • Contact requests not related to a contract: generally 24 months after the communication ends

  • Customer and account data: during the term of the contract; after the contract ends, data will be minimized or deleted in accordance with legal obligations

  • After 36 months of inactivity, personal contact information will be minimized, provided there are no outstanding claims, support cases, or legal obligations

We generally process data based on consent only for as long as consent remains in effect or until it is no longer necessary for the specific purpose. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

9. Access Controls and Security

Access to systems and personal data is organized on a role-based basis, such as for administration, support, and programming. Administrative and support access is restricted to a small number of authorized individuals. Backups of production systems are performed regularly.

There is an internal reporting and escalation process for security incidents that includes an assessment of whether personal data is affected, as well as documentation of the measures taken.

We take technical and organizational measures to protect personal data against loss, tampering, unauthorized access, and unauthorized disclosure.

10. Data Subject Rights

Depending on the legal requirements, you have the following rights:

  • Right to access information

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to data portability

  • Right to object to certain processing activities

  • Right to withdraw consent with future effect

If the processing is based on your consent, you may withdraw that consent at any time with future effect. The lawfulness of the processing prior to withdrawal remains unaffected.

You also have the right to file a complaint with a data protection supervisory authority.

11. Right to object under Article 21 of the GDPR

To the extent that we process personal data on the basis of Article 6(1)(f) of the GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

12. Changes to this Privacy Policy

We may update this Privacy Policy if there are changes to our features, the legal landscape, or the way we process data.

As of May 2026