Privacy Policy

GDPR / DSGVO

Privacy at a Glance

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.

Who is responsible for data collection on this website?: Data processing on this website is carried out by the website operator. You can find their contact details in the section "Name and Address of the Controller" in this privacy policy.
How do we collect your data?: Most processing happens locally in your browser. You enter calculation values (e.g., salary and tax settings) directly. If you open a shared link, these values are read from URL parameters. In addition, our hosting infrastructure automatically processes technical connection data (e.g., IP address, timestamp, and user agent) in server logs.
What do we use your data for?: We process data to provide calculator and comparison features, restore your settings during your browser session, generate/share URLs on request, and ensure stable and secure operation of the website.
What rights do you have regarding your data?: You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

1. Definitions

This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners.

a) Personal data: Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing: Processing is any operation or set of operations which is performed on personal data, such as collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure or destruction.
d) Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately.
g) Controller: Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
j) Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorised to process personal data.
k) Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies agreement to the processing of personal data.

2. Name and Address of the Controller

Oliver Ferch

Zimmererstr. 26

86153 Augsburg, Deutschland

Tel.: 0151-57475737

E-Mail: geldspur@pm.me

Website: www.nettoflow.com

3. Cookies and Similar Storage Technologies

Our website uses cookies and similar storage technologies. Technically necessary storage (including sessionStorage under the key "aa.tax-planner.state.v1") is used to provide calculator functionality and keep selected settings during your browser session. We also use URL parameters for share links. Optional technologies, including advertising-related cookies, are only used where there is a legal basis (in particular your consent).

4. Cookie Consent Tool (CCM19)

To ensure that only cookies for which there is a legal basis are set on our website, we use the consent management tool CCM19 from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany. This service is used to obtain your consent to store certain cookies in your browser or to use certain technologies and to document this in accordance with data protection regulations. When you visit our website, the consent given or revoked is stored as a CCM19 cookie in your browser. For this purpose, a connection is established to the CCM19 servers. The data collected is stored until you request deletion, delete the CCM19 cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected. The legal basis is Art. 6 (1) (c) GDPR. CCM19 is used to obtain the legally required consent for the use of cookies.

5. Server Log Files

When you access this website, our hosting infrastructure automatically processes technical data required for delivery and security, such as IP address, date/time, requested URL, referrer, user agent, and response status. We do not use this data to identify you personally without a legal basis.

6. Routine Erasure and Blocking of Personal Data

We process and store personal data only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator. If the storage purpose is not applicable, or if a storage period expires, the personal data are routinely blocked or erased.

7. Rights of the Data Subject

a) Right of confirmation: Each data subject has the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed.
b) Right of access: Each data subject has the right to obtain free information about personal data stored at any time and a copy of this information, including the purposes of the processing, categories of data concerned, recipients, storage period, and existence of rights to rectification or erasure.
c) Right to rectification: Each data subject has the right to obtain without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed.
d) Right to erasure (Right to be forgotten): Each data subject has the right to obtain from the controller the erasure of personal data without undue delay where one of specific grounds applies, such as the data no longer being necessary for its original purpose.

e) Right of restriction of processing

Each data subject has the right to obtain restriction of processing where the accuracy of data is contested, the processing is unlawful, or the data subject has objected to processing.

The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

f) Right to data portability: Each data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another controller.
g) Right to object: Each data subject has the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her.
h) Automated individual decision-making: Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.
i) Right to withdraw consent: Each data subject has the right to withdraw his or her consent to processing of personal data at any time.
j) Right to lodge a complaint: Each data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).

8. Recipients of Personal Data

We disclose personal data only where necessary. Recipients may include hosting/CDN and security providers who process technical connection data on our behalf, and authorities where legally required.

This website uses Google AdSense, an advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense uses cookies to display relevant advertisements to you. Your browser may transmit certain data (including your IP address) to Google servers, which may be located in the USA. You can object to interest-based advertising by adjusting your Google ad settings at https://www.google.com/settings/ads. The legal basis is Art. 6(1) lit. a GDPR (consent via cookie banner). For more information, see Google's privacy policy at https://policies.google.com/privacy.

10. Analysis Services (Google Analytics)

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymization. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before. The legal basis is Art. 6 (1) lit. a GDPR (consent via cookie banner). For more information, see Google's privacy policy at https://policies.google.com/privacy.

10. Hosting (Google Cloud)

We host our website with Google Cloud Platform, a service provided by Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland ("Google"). All data collected on our website is processed on Google's servers. Please note that Google uses so-called Anycast IP addresses for global delivery. Although these may appear as US addresses in IP databases, the actual data processing (routing and server location) takes place in European data centers. As part of these services, data may be transferred to Google LLC in the USA. Data Transfer to the USA: Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF). The European Commission has determined that companies certified under the DPF provide an adequate level of data protection (Art. 45 GDPR). This means that data transfers to Google LLC in the USA are currently permitted without additional safeguards. Additionally, Google employs Standard Contractual Clauses (SCCs) (Art. 46 (2) and (3) GDPR) as a safeguard for data transfers to third countries where an adequacy decision may not apply or as a fallback mechanism. These clauses oblige Google to comply with European data protection standards. Data Processing Agreement: We have concluded a Data Processing Agreement (DPA) with Google (specifically the "Cloud Data Processing Addendum"), which legally obligates Google to protect our users' data and process it only in accordance with our instructions. For more information on Google's data protection practices, please visit: https://policies.google.com/privacy and https://cloud.google.com/privacy/gdpr.

10a. Content Delivery Network (Google Cloud CDN)

We use Google Cloud CDN to deliver our website content securely and efficiently. This is a Content Delivery Network provided by Google. When you use our website, your browser establishes a connection to Google's servers, which may involve transferring your IP address and other technical data to the USA. We have concluded a Data Processing Agreement with Google. Google is certified under the EU-U.S. Data Privacy Framework (DPF).

10b. Google Web Fonts

This website may load Google Fonts to ensure uniform font presentation. This happens indirectly through tools such as Google AdSense. When these tools are loaded, a connection to Google's servers is established, and your IP address may be transmitted. The legal basis is your consent (Art. 6 (1) lit. a GDPR) given via our cookie banner. Further information can be found in Google's privacy policy: https://policies.google.com/privacy.

11. SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

12. Objection to Advertising Emails

The use of contact data published as part of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

13. Legal Basis for the Processing

Processing based on technically necessary website functionality (including session storage for requested calculator features) is carried out on the basis of Art. 6(1) lit. f GDPR. If consent is required for optional technologies, processing is based on Art. 6(1) lit. a GDPR. For legal obligations, Art. 6(1) lit. c GDPR applies.

14. Legitimate Interests

Our legitimate interests include providing reliable calculator functionality, preserving user-entered settings during a session, protecting and securing the service, and troubleshooting technical issues.

15. Period for Which Personal Data Will Be Stored

We store personal data only as long as necessary for the respective purpose. SessionStorage data is generally deleted automatically at the end of the browser session. Values contained in shared URLs remain until the URL is changed or deleted by you (e.g., browser history). Server log retention is limited and follows operational/security needs and legal obligations of the hosting provider.

16. Statutory or Contractual Requirements

The provision of personal data is partly required by law (e.g. tax regulations) or can result from contractual provisions. The non-provision of the personal data would have the consequence that the contract could not be concluded.

17. Existence of Automated Decision-making

We do not use automatic decision-making or profiling.

This privacy policy was generated with the privacy policy generator of the German Association for Data Protection.