Privacy Policy

This privacy notice provides information about the processing of personal data when using our websites atwecreateatmosphere.com, in particular the sales website, as well as the customer portal available there.

1. Data Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

atmosphere GmbH
Im Mediapark 5b
50670 Cologne
Germany

Phone: +49 221 126 116 92
Email:atmosphere

2. Purposes and Legal Basis

We process personal data as necessary, in particular for the following purposes:

Operation and security of the website
(server/access logs, IT security, error analysis, prevention of misuse)
Legal basis: Art. 6(1)(f) GDPR

Processing of contact requests
(contact form, email communication)
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR

Customer Portal / Login
(for customers with atmosphere365 active atmosphere365 only)
Legal basis: Art. 6(1)(b) GDPR

Security and authentication protocols on the
portal (login/logout processes, failed logins)
Legal basis: Article 6(1)(f) of the GDPR

Embedded videos on the
portal (e.g., demo videos via Vimeo)
Legal basis: Article 6(1)(a) of the GDPR, provided that content is loaded only after user interaction; otherwise, Article 6(1)(f) of the GDPR, only to the extent technically necessary

3. Categories of processed data

Depending on how you use our services, we process the following information in particular:


  • contact and communication information (e.g., name, email address, phone number, message content)

  • Account and master data on the
    portal (e.g., name, email address, phone number, address, role information)

  • Security and authentication data
    (e.g., login/logout times, failed logins)

  • Server and access logs
    (e.g., IP address, timestamp, requested URL, HTTP status, referrer, user agent)

4. Cookies and Similar Technologies

As of now, we do not use any marketing or tracking tools. Cookies—if used at all—are used only to the extent necessary for the technical operation of the website and the customer portal, particularly for login and security functions.

5. Recipients and Service Providers

We use service providers who process data on our behalf (Art. 28 GDPR). These include, in particular:

  • atmosphere , Ltd. (Ireland)
    Operation and hosting of website and portal features, account and log data, monitoring, and remote technical support

  • Hosting / Cloud Infrastructure
    , AWS, and Scalloway European Cloud

  • TeamViewer
    Remote support software, if used

  • Vimeo
    Video service for embedded videos on the portal

  • Dropbox
    Content Delivery Network (CDN), if used

6. Transfers to third countries

Depending on the service providers used, processing outside the EU or the EEA cannot be completely ruled out. Where necessary, we ensure appropriate safeguards, in particular EU Standard Contractual Clauses and additional protective measures.

7. Retention Period and Deletion

We delete personal data as soon as it is no longer necessary for the purposes of processing and there are no legal retention requirements that prevent us from doing so.

As of now, the following deadlines apply in particular:

  • Server/access logs: up to 90 days

  • Security and authentication logs in the portal: up to 12 months

  • Contact requests not related to a contract: generally 24 months after the communication ends

  • Customer and account data: during the term of the contract; after the contract ends, data will be minimized or deleted in accordance with legal obligations

  • After 36 months of inactivity, personal contact information will be minimized, provided there are no outstanding claims, support cases, or legal obligations

8. Access Controls and Security

Access is organized on a role-based basis, such as for administration, support, and programming. Admin and support access is restricted to a small number of authorized individuals. Backups of production systems are performed regularly.

There is an internal reporting and escalation process for security incidents that includes an assessment of whether personal data is affected and documentation of the measures taken.

9. Rights of Data Subjects

Depending on the legal requirements, you have the right to:

  • Information

  • Correction

  • Deletion

  • Restriction of processing

  • Data portability

  • Objection

  • Withdrawal of consent with future effect

You also have the right to file a complaint with a data protection supervisory authority.

10. Changes to this Privacy Policy

We may update this Privacy Policy if there are changes to our features, the legal landscape, or the way we process data.