Privacy Policy

1. Controller#

Atomity GmbH
Hermann-Löns-Straße 16
64625 Bensheim
Germany

Telephone: +49 1551 0701947
Email: info@atomity.de

2. Data-protection contact#

For questions regarding the processing of your personal data or the exercise of your rights, contact:

Email: legal@admin.atomity.de

3. General information on processing#

We process personal data only where this is necessary for the purposes described below. The applicable data categories, purposes, legal bases, recipients and retention periods are explained separately for each processing activity.

4. Hosting#

Our website and self-hosted business applications are operated on infrastructure supplied by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes infrastructure and technical data on our behalf under an Article 28 GDPR data-processing agreement. The systems relevant to this website are hosted in Germany. Legal basis: our legitimate interest in the secure and efficient provision of the site (Art. 6(1)(f) GDPR).

5. Server log files#

When you visit the site, your browser automatically transmits data stored temporarily in a log file: IP address, date/time, requested file name and URL, referrer URL, browser and operating system, and access provider.

Purpose: Website delivery, troubleshooting, security and prevention of misuse.
Legal basis: Art. 6(1)(f) GDPR.
Legitimate interests: Secure and reliable operation of the website.
Retention: Server log files are normally deleted after 14 days. Logs required to investigate security incidents may be retained until the investigation is completed.

6. Fonts (locally hosted)#

Website fonts are stored locally on our infrastructure. Loading a page does not establish a connection to external font providers.

7. General and sales inquiries#

When you contact us, we process the information entered in the form, such as your name, business email address, company, telephone number and message. We use this information to respond to your inquiry and, where relevant, prepare or perform a contractual relationship. Form submissions are recorded in our self-hosted CRM system.

Legal basis: Art. 6(1)(b) GDPR for contractual or pre-contractual requests; otherwise Art. 6(1)(f) GDPR.
Retention: Kept for as long as needed to handle your inquiry; where a business relationship results, statutory retention periods apply (in particular § 257 HGB and § 147 AO, regularly up to 6 or 10 years).

8. Partner inquiries#

When you submit our partner form, we process your contact details, organization, role, proposed partnership information and your message. The information is stored in our self-hosted CRM and used to evaluate, communicate about and, where applicable, establish the proposed partnership.

Legal basis: Art. 6(1)(b) and/or Art. 6(1)(f) GDPR.
Retention: As in section 7; deleted once the purpose ceases and statutory retention periods have expired.

9. Email communication#

We operate our email environment using the self-hosted Mailcow platform on our infrastructure in Germany. We process sender and recipient information, message content, attachments, timestamps and technical delivery information for communication, security and mail delivery.

Legal basis: Art. 6(1)(b), Art. 6(1)(f) or, where applicable, Art. 6(1)(c) GDPR.
Retention: For the duration necessary for the communication and, beyond that, where statutory retention obligations apply to business correspondence.

10. User accounts and authentication#

Where you create or use an Atomity account, we process account information such as your name, business email address, user identifier, authentication credentials, OTP or multi-factor authentication information, login timestamps, IP address and security events. We operate our authentication service using self-hosted Keycloak infrastructure in Germany. Passwords are stored only as secure hashes.

Purposes: Account administration, authentication, access control and prevention of unauthorized access.
Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.
Retention: For the duration of the account; security-related logs are kept for a period appropriate to the security purpose.

11. CRM and business administration#

We use a self-hosted Dolibarr installation to manage prospect, customer and partner information, communications, offers, contracts and business records. The information processed depends on the relevant business relationship and may include business contact details, communications, company information and transaction records.

Legal basis: Art. 6(1)(b), Art. 6(1)(c) and Art. 6(1)(f) GDPR.
Retention: According to the relevant business relationship and statutory retention periods.

12. Customer uploads and billing reports#

Authorized customer representatives may upload cloud-billing reports and related files for analysis or service delivery. We process the uploader’s account and contact information, file metadata and the uploaded content for the requested service.

Where uploaded files contain personal data for which the customer is responsible, Atomity processes that content on the customer’s behalf under the applicable Data Processing Agreement.

We use our self-hosted Nextcloud environment to provide scheduling links and manage appointments. We process your name, business email address, selected appointment time, time zone, meeting details and any information you voluntarily provide during booking.

The scheduling service is operated by Atomity on infrastructure hosted by Hetzner in Germany. No independent external scheduling provider receives the booking information.

Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.
Retention: Appointment data is deleted once no longer needed for the appointment and its documentation.

14. Website analytics using Rybbit#

We use a self-hosted installation of Rybbit to understand how our public website is used and to improve its content and performance. Depending on the enabled configuration, this may include visited pages, referrer, date and time, browser and device characteristics, approximate geographic information, technical events and a shortened or temporarily processed IP address.

Rybbit is operated on our infrastructure in Germany and no independent analytics provider receives the analytics data. Session replay and persistent visitor identification are disabled.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the statistical evaluation and improvement of our website).
Retention: Analytics data is kept no longer than necessary for the evaluation purpose.

15. Cookies and similar technologies#

We use technically necessary cookies and similar technologies required for security, authentication, account sessions and the services expressly requested by users. These may include Keycloak authentication and session cookies. No consent is required for these under § 25(2) TDDDG.

Our self-hosted Rybbit configuration does not set analytics cookies or create a persistent visitor identifier.

Where a non-essential technology stores information on or accesses information from your device, it will not be activated until you have given consent. Consent can be withdrawn at any time with effect for the future.

16. Applications#

Information regarding the processing of applicant data, including processing through our self-hosted Dolibarr and Nextcloud systems, is provided in our Applicant Privacy Notice.

17. Recipients and processors#

Access is limited to authorized Atomity personnel who require the information for the relevant purpose. Hetzner Online GmbH supplies the hosting infrastructure and acts as our processor. Keycloak, Mailcow, Dolibarr, Rybbit and Nextcloud are software operated by Atomity and are not independent recipients of personal data.

18. International transfers#

The systems described in this policy are self-hosted on infrastructure located in Germany. We do not intentionally transfer the relevant personal data outside the European Economic Area unless this is separately disclosed and a valid transfer mechanism is in place.

19. Requirement to provide data#

Fields marked as mandatory are required to process the relevant request, create an account, arrange an appointment or provide the requested service. Without this information, we may be unable to process the request or provide the relevant function. Other fields are voluntary.

20. Automated decision-making#

We do not make decisions producing legal or similarly significant effects concerning website visitors, prospects, partners or account users solely through automated processing.

21. Your rights#

You have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), withdrawal of consent (Art. 7(3)) and objection to processing based on legitimate interests (Art. 21).

The applicability of individual rights depends on the relevant processing and legal basis. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Contact: legal@admin.atomity.de.

22. Right to lodge a complaint#

You have the right to lodge a complaint with a competent data-protection supervisory authority. Our principal supervisory authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany
Email: poststelle@datenschutz.hessen.de

23. Data security#

We use appropriate technical and organisational measures designed to protect personal data against unauthorized access, loss, alteration and disclosure. These measures include encrypted transmission, role-based access controls, authentication controls, logging, backups and security-maintenance procedures, where applicable.

24. Updates to this Privacy Policy#

We may update this Privacy Policy when our processing activities, systems or legal obligations change. The version published on this page applies. The date of the latest update is shown at the beginning of the policy.