top of page

DATA PROTECTION

1. Responsible person

The person responsible for data processing on this website is:

Daniel Goebel

Herbststraße 7

82234 Weßling

Germany

daniel@guruinyou.de

2. Overview: What data we process and why

We process personal data in order to provide this website, respond to inquiries, facilitate appointments, send newsletters, and measure reach and marketing (only with consent where required).

Data categories (typical):

  • Master data: Name

  • Contact details: Email address

  • Communication data: message content (if you write something in the text field)

  • Usage/device data: e.g. IP address, browser, timestamp, page views

  • Appointment/booking data: desired date, time zone, meeting notes if applicable

3. Legal basis

Unless otherwise specified, we process data on the basis of:

  • Art. 6 (1) (b) GDPR (contract/initiation, e.g. request for services)

  • Art. 6 (1) (f) GDPR (legitimate interest, e.g. secure website, communication)

  • Art. 6 (1) (a) GDPR (consent, e.g. newsletter, tracking, marketing)

  • § 25 para. 1 TTDSG (consent for cookies/tracking) and § 25 para. 2 TTDSG (technically necessary cookies)

4. Hosting and server log files

This website is hosted at: [hosting provider, address]. When you visit the website, data is automatically processed in server log files, e.g.:

  • IP address

  • Date/Time

  • Page/file accessed

  • Referrer-URL

  • Browser/OS

Purpose: Stability, security, error analysis, prevention against abuse Legal basis: Art. 6 para. 1 lit. f GDPR Storage period: [e.g. 7–30 days]

There is a contract with the hosting provider for order processing in accordance with Art. 28 GDPR (if necessary).

5. Contact forms (name, e-mail)

If you contact us via form, we will process your details (name, email, message if applicable) to process the request.

Legal basis: Art. 6 (1) (b) GDPR (in the case of a request for services) or Art. 6 (1) (f) GDPR Storage period: until the request has been completed, then deletion, provided that there are no statutory retention obligations.

6. Newsletter (Double-Opt-In)

If you sign up for our newsletter, we will use your email address (and optionally your name) to send it.

Double opt-in: After registering, you will receive a confirmation email. The newsletter is only activated after confirmation. In doing so, we store the time of registration and confirmation and, if applicable, IP address in order to provide proof of consent.

Newsletter service provider: [e.g. Brevo/Sendinblue, Mailchimp, CleverReach, rapidmail] Legal basis: Art. 6 para. 1 lit. a GDPR (consent) Revocation: at any time via the unsubscribe link or by e-mail to [e-mail] Storage period: until revocation; Evidence data may also be stored for legal defence purposes (Art. 6 para. 1 lit. f GDPR).

Newsletter tracking (optional): If you have open and click-through rates measured, this is also consent-based. (If you don't use that, delete this sentence.)

7. Cookie-Banner / Consent-Management

We use a consent management tool to manage consents for cookies/tracking.

Provider: [e.g. Borlabs Cookie, Usercentrics, Cookiebot] Processed data: consent status, time stamp, IP address (abbreviated), browser information (if applicable), browser information Legal basis: Art. 6 para. 1 lit. c GDPR (legal obligation) and Art. 6 para. 1 lit. f GDPR (proof/management), if applicable § 25 TTDSG Storage period: up to 12 months

8. Google Tag Manager

We use Google Tag Manager to manage website tags. The Tag Manager itself does not create user profiles, but it can process technical data (e.g. IP address).

Provider: Google Ireland Limited, Dublin, Ireland (possibly Google LLC, USA) Legal basis: depending on the application, usually Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (if tracking/marketing tags are delivered via it) Third country transfer: possible (USA), see section "Data transfer to third countries".

9. Google Analytics 4 (GA4)

We use Google Analytics 4 to analyse website usage (e.g. page views, interactions, approximate location region, technical characteristics). GA4 sets cookies or similar technologies if you give your consent.

Provider: Google Ireland Limited (possibly Google LLC, USA) Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (consent) IP processing: GA4 processes IP addresses; as a rule, the IP is used for geo-localization and is not stored permanently afterwards (details depend on the configuration). Storage period: [e.g. 2 or 14 months, depending on the setting] Revocation: via the cookie banner (consents can be adjusted at any time)

  1. 10. Meta Pixel (Facebook/Instagram Pixel)

We use the Meta Pixel to measure the effectiveness of advertising, build custom audiences, and optimize ads.

Provider: Meta Platforms Ireland Limited, Dublin, Ireland (possibly Meta Platforms, Inc., USA) Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (consent) Data: Event data (e.g. page view, button click), technical information (e.g. browser), if applicable assignment to Meta account (if logged in) Revocation: via the cookie banner

11. Google reCAPTCHA

We use reCAPTCHA to check whether entries in forms are made by humans (spam protection).

Provider: Google Ireland Limited (possibly Google LLC, USA) Processed data (typical): IP address, browser/device, referrer, mouse movements, time behavior, Google cookies (if applicable) Legal basis:

  • usually Art. 6 (1) (f) GDPR (legitimate interest in protection against abuse)

  • if reCAPTCHA sets cookies/tracking, additional consent according to Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (depending on implementation) Note: If you only want to load reCAPTCHA after consent, it must be technically implemented accordingly.

12. Calendly (Terminbuchung)

We use Calendly to make appointments. This processes data that you enter (e.g. name, email, desired appointment, time zone, notes, if applicable). Calendly may set cookies and collect technical data.

Provider: Calendly LLC, USA (possibly EU representation/partner depending on the current structure) Legal basis: Art. 6 para. 1 lit. b GDPR (deadline/contract/initiation) and, if applicable, Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TTDSG (if cookies/tracking are involved) Third country transfer: USA possible, see below Storage period: until deadline purpose fulfilled + reasonable grace period

13. YouTube-Videos (Embeds)

We integrate videos from the YouTube platform. When loading the video, data can be transferred to YouTube/Google.

Provider: Google Ireland Limited (YouTube), possibly Google LLC, USA Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG (consent), if videos are loaded only after consent Recommendation: "Two-click solution"/embedding only after consent, as well as "extended data protection mode", if implemented.

  1. 14. Google Fonts

We use fonts ("Google Fonts").

There is no connection to Google servers. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in uniform presentation)

15. Recipients / Processors

We use service providers (e.g. hosting, newsletter, appointment booking) who process data on our behalf (Art. 28 GDPR). In addition, recipients can arise if you have consented (e.g. Google, Meta).

16. Data transfer to third countries (e.g. USA)

For some services, a transfer to countries outside the EU/EEA (esp. USA) cannot be ruled out. In these cases, we base the transfer on appropriate safeguards, such as EU Standard Contractual Clauses, as well as additional safeguards where necessary.

Note: Depending on the provider, certification according to an EU-US mechanism may also be used, if applicable and current.

17. Storage period

Unless otherwise stated, we store personal data:

  • only as long as it is necessary for the purpose,

  • or as long as statutory retention obligations exist,

  • or until you withdraw consent.

18. Data security

We use technical and organizational measures to protect data, in particular TLS/SSL encryption.

19. Your rights

You have the right to:

  • Information (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • Erasure (Art. 17 GDPR)

  • Restriction (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR)

Objection to direct marketing: You can object to the processing of your data for direct marketing purposes at any time.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

20. Withdrawal of consent

You can revoke consent at any time with effect for the future, e.g. via the cookie banner or by sending a message to daniel@guruinyou.de.

21. Timeliness

Last update: 18.01.2026

We will adjust this statement if services or legal situation change.

© 2026 Daniel Goebel

contact

imprint

data protection

terms and conditions

bottom of page