Mareike Mutzberg, Brucker Str. 22c, 82205 Gilching, Germany
Email: mareike@mareikemutzberg.com
Website: mareikemutzberg.com
This policy explains how I process personal data when you use my website, contact me, book appointments via my Google Calendar link, and subscribe to my newsletter.
Usage/technical data (IP address, timestamp, requested URL, referrer, user agent, status code — server logs); communication data (name, email, message content when you contact me by email); booking data (appointment details you provide via Google Calendar); newsletter data (email, optional name, double-opt-in and send/engagement metadata via Brevo).
Website delivery & security (logs): legitimate interests (Art. 6(1)(f)). Replies to inquiries / pre-contractual steps: contract (Art. 6(1)(b)) or legitimate interests (Art. 6(1)(f)). Newsletter: consent (Art. 6(1)(a)). Consent records/legal duties: legal obligation/legitimate interests (Art. 6(1)(c)/(f)). Cookies/marketing tags: consent where required (Art. 6(1)(a), TTDSG). I currently do not set non-essential cookies.
Provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA (Cloudflare Pages). For operation and security, the host processes server log files. Retention: typically 7–30 days, then deletion. Legal basis: Art. 6(1)(f) GDPR. As Cloudflare is based outside the EU/EEA, transfers rely on EU Standard Contractual Clauses (Art. 46 GDPR) and additional safeguards where appropriate.
Contact runs through a simple mailto link — there is no form on the website that transmits data to me or third parties; your email is sent directly from your own email client. Legal basis: Art. 6(1)(b) or (f). Retention: deleted when resolved unless legal retention applies.
I provide a booking link to Google Calendar (Appointment Schedules). When you follow the link, you are using Google's service. Provider: Google Ireland Limited (for EEA); potential processing by Google LLC (USA). Legal basis: Art. 6(1)(b) and (f). No appointment widget is embedded on my site; data is transmitted to Google only after you follow the link.
I use Brevo to send newsletters, double opt-in on signup. Provider: Brevo (Sendinblue SAS), France, DPA in place (Art. 28 GDPR). Legal basis: consent (Art. 6(1)(a)). Retention: while subscribed; logs up to 3 years after last send/unsubscribe.
I currently do not use analytics, marketing pixels, or embedded third-party widgets; no non-essential cookies are set. The three Kaleidoscope Mind quizzes are plain outbound links to Tally — no embed, no data exchange before you click.
My website links to Tally (quizzes), Instagram, LinkedIn, Amazon Author Central, Gumroad, and Spotify. These are simple outbound links. Legal basis for linking: Art. 6(1)(f) GDPR.
For paid services I invoice directly (Sparring, Speaking), I process customer/transaction data per Art. 6(1)(b)/(c), retained up to 10 years under tax law. Purchases via Gumroad are processed by Gumroad as an independent controller.
Standard provisions apply: data shared only with necessary processors under Art. 28 GDPR agreements; international transfers rely on adequacy decisions or Standard Contractual Clauses; data retained only as long as necessary; you have rights of access, rectification, erasure, restriction, objection and data portability (Art. 15–21 GDPR) and may complain to a supervisory authority, e.g. Berliner Beauftragte für Datenschutz und Informationsfreiheit; appropriate technical/organizational security measures are applied (TLS, access controls, backups); no automated decision-making or profiling with legal effect takes place.
Last updated: July 12, 2026