Privacy Policy
Last updated: April 30, 2026
1. Introduction
Attivita GmbH (hereinafter "we", "us" or "our company") takes the protection of your personal data very seriously. This privacy policy informs you about the nature, scope and purposes of the collection and use of personal data by us as the controller within the meaning of the EU General Data Protection Regulation (GDPR). Since we operate exclusively in the B2B sector, this declaration is addressed to business customers, resellers and IT system houses.
2. Controller
The controller within the meaning of the GDPR is:
Attivita GmbH
Von-Galen-Str. 75, 33378 Rheda-Wiedenbrück, Germany
Email: info@attivita.de
Managing Director: Andreas Zurlo
If you have any questions about data protection, you can contact us at any time.
3. Data Protection Officer
If you have any questions about data protection, please contact:
Email: info@attivita.de
4. Data Processing on Our Website
4.1 Log Files
Information is automatically stored in server log files every time our website is accessed. This includes: IP address, date and time of request, amount of data transferred, browser type and version, operating system, referrer URL. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in system security and optimization). The data is automatically deleted after 30 days.
4.2 Cookies
Our website uses technically necessary cookies to ensure functionality. These cookies are set on the basis of Art. 6 para. 1 lit. f GDPR. You can deactivate cookies in your browser settings, but this may impair the functionality of the website.
4.3 Contact Form
When using our contact form, we process the data you provide (name, email address, message) to handle your inquiry. The legal basis is Art. 6 para. 1 lit. b GDPR (contract initiation) or Art. 6 para. 1 lit. f GDPR (legitimate interest in customer service).
5. Consent Management (TDDDG/EinwV)
In compliance with the German Telecommunications Digital Services Data Protection Act (TDDDG, Section 25) and the Consent Management Ordinance (EinwV, effective April 2025), we require prior opt-in consent for non-essential cookies and tracking technologies. Our cookie consent banner allows you to manage your preferences for analytics and functional cookies. Technically necessary cookies are set on the basis of Art. 6 para. 1 lit. f GDPR and Section 25 para. 2 TDDDG without consent, as they are essential for the operation of our website.
5. Processing of Business Data
5.1 Customer Data
As a B2B distributor, we process the following categories of business data: Company data (company name, address, commercial register number), contact data of contact persons (name, email, telephone), contract data, billing data, communication data. Processing is carried out to fulfill contracts (Art. 6 para. 1 lit. b GDPR) and to fulfill legal obligations (Art. 6 para. 1 lit. c GDPR).
5.2 API Integration
When using our API, technical data for authentication and processing of license requests is processed. This includes API keys, transaction data and system logs. The legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).
5.3 Retention Periods
Business data is stored in accordance with statutory retention periods (usually 10 years according to commercial and tax law). Communication data is deleted after the purpose has been fulfilled, at the latest after 3 years.
6. Analytics and Tracking
Google Analytics 4 (GA4)
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, to analyze the usage of our website and optimize our B2B services for business customers, resellers, and IT system houses.
Data Collected:
- Anonymized IP addresses (through IP anonymization)
- Page views, dwell time, and click paths
- Device information (browser, operating system, screen resolution)
- Referrer URLs (which site you came from)
- General geographic information (country/region)
This data helps us improve user experience, identify popular content, and optimize our website performance for B2B customers. All data is used in aggregated, anonymized form.
Data Transfer to Google
Google Analytics processes data on servers in the USA and other countries. Google is certified under the EU-US Data Privacy Framework and ensures an adequate level of data protection.
Legal Basis
Processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in analyzing website usage for business optimization. Since we operate exclusively in the B2B sector, our interest in market analysis outweighs the data protection interests of our business customers.
Retention Period
Google Analytics data is automatically deleted after 14 months by default. Cookie data on your device has a lifetime of 24 months.
Opt-out Options
You can object to data collection by Google Analytics in various ways:
Cookie Settings
Disable analytics cookies through our cookie settings at the bottom of the page.
7. Data Transfer and Third Countries
Your data is only passed on to third parties in the following cases: To our contractual partners (software manufacturers) for license provision, to IT service providers within the framework of order processing (Art. 28 GDPR), to fulfill legal obligations. For data transfers to third countries, we ensure an adequate level of protection through appropriate guarantees (standard contractual clauses, adequacy decisions).
8. Your Rights
You have the following rights regarding your personal data:
Right to information (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
To exercise your rights, please contact: info@attivita.de
Practical Implementation of Your Rights:
GDPR Data Request: Logged-in users can download their personal data through their profile (Profile → Security)
Newsletter Settings: Manage your newsletter preferences in your profile (Profile → Settings)
Cookie Settings: Adjust your cookie preferences via the cookie settings at the bottom of the page
9. Right to Complain
You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data. The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia is responsible.
10. Data Security
We implement technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. These include: SSL encryption, access restrictions, regular security updates, backup systems.
11. Changes to the Privacy Policy
We reserve the right to update this privacy policy to adapt it to changed legal situations or business processes. The current version is always available on our website.
12. Newsletter
If you subscribe to our newsletter, we process your email address to send information about new products and offers. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR). You can unsubscribe from the newsletter at any time.
13. EU Data Act Compliance
In accordance with the EU Data Act (Regulation 2023/2854, applicable since September 12, 2025), we ensure fair data sharing practices in our B2B relationships. Business customers have the right to access data generated through the use of our software products and services. We provide transparent terms regarding data usage and do not impose unfair contractual conditions. Customers may terminate services with a maximum notice period of 2 months, and we support data portability in standard machine-readable formats upon request.
14. Security Incident Disclosure (NIS2)
In compliance with the NIS2 Directive (transposed into German law via the BSI Act, effective December 2025), we maintain robust cybersecurity measures and incident response procedures. In the event of a security incident that may affect personal data, we will notify the relevant supervisory authority (BSI and data protection authority) within the required timeframes and inform affected business partners without undue delay. We conduct regular security assessments, maintain incident response plans, and ensure our IT infrastructure meets current cybersecurity standards.
15. Use of AI Systems
In accordance with the EU AI Act (Regulation 2024/1689), we are committed to transparency regarding any use of artificial intelligence systems. If we deploy AI-based tools for customer interactions (such as automated support or product recommendations), we will clearly disclose their use and ensure compliance with applicable risk categories. Currently, we do not employ high-risk AI systems as defined under Annex III of the EU AI Act. Should this change, we will update this privacy policy accordingly and provide detailed information about the AI systems used, their purpose, and your rights in relation to automated decision-making.