Privacy Policy

Last updated: November 2025

1. Data Controller

GOTAT.ME – Juri Bücker
Rehornweg 50, 26180 Rastede, Germany
E-mail: juri@gotat.me

2. General Information

We process personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Data is used only to operate and provide the GOTAT.ME service.

3. Types of Data Processed

  • Artist account data: name, email address, business details.
  • Payment data (processed by PayPal).
  • Booking form submissions from the artist's clients (processed by Typeform).

4. Processing via Typeform

Booking pages are powered by Typeform S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain, acting as a data processor (Art. 28 GDPR). Submissions are transmitted over encrypted connections and stored on EU servers. Details: Typeform Privacy Policy.

5. Payment Processing via PayPal

Payments are handled by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, acting as an independent data controller. Details: PayPal Privacy Policy.

6. Web Hosting

The landing page is hosted by checkdomain GmbH, Große Burgstraße 27/29, 23552 Lübeck, Germany. The landing page itself does not process personal data; booking flows and data capture occur via Typeform.

7. Legal Bases

  • Art. 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract.
  • Art. 6(1)(f) GDPR – legitimate interest in secure, efficient service provision and fraud prevention.

8. Rights of Data Subjects

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

Requests may be sent to juri@gotat.me.

9. Retention

Data is stored only as long as necessary for contract performance and as required by statutory retention periods.

10. Security

All transmissions use HTTPS. Typeform and PayPal apply encryption and security measures compliant with applicable regulations.

11. International Transfers

Where third-party providers process data outside the EU/EEA, adequate safeguards such as EU Standard Contractual Clauses are used.

12. Changes to this Policy

We may update this Privacy Policy to reflect changes in legal or technical requirements. The current version is indicated by the "Last updated" date above.