Andmekaitse

GDPR / DSGVO

Privaatsus lühidalt

The following notes provide a simple overview of what happens to your isikuandmed when you visit this veebisait. isikuandmed is any data with which you can be personally identified.

Who is responsible for data collection on this veebisait?
Data töötlemine on this veebisait is carried out by the veebisait operator. You can find their contact details in the section "Name and Address of the vastutav töötleja" in this Andmekaitse.
How do we collect your data?
Most töötlemine happens locally in your brauser. You enter calculation values (e.g., salary and tax settings) directly. If you open a shared link, these values are read from URL parameters. In addition, our hosting infrastructure automatically processes technical connection data (e.g., IP address, timestamp, and user agent) in server logs.
What do we use your data for?
We process data to provide calculator and comparison features, restore your settings during your brauser session, generate/share URLs on request, and ensure stable and secure operation of the veebisait.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, vastuvõtja and purpose of your stored isikuandmed. You also have the right to request the correction or deletion of this data. If you have given nõusolek to data töötlemine, you can revoke this nõusolek at any time for the future. You also have the right, under certain circumstances, to request the piiramine of the töötlemine of your isikuandmed. Furthermore, you have the Kaebuse esitamise õigus with the competent supervisory authority.

1. Vastutava töötleja nimi ja aadress

Oliver Ferch

Roseggerweg 5

73037 Göppingen, Deutschland

Tel.: 0151-57475737

Website: www.nettoflow.com

2. Mõisted

This andmekaitse declaration is based on the terms used by the European legislator for the adoption of the isikuandmete kaitse üldmäärus (GDPR). Our andmekaitse declaration should be legible and understandable for the general public, as well as our customers and business partners.

a) isikuandmed
isikuandmed means any information relating to an identified or identifiable natural person ("andmesubjekt"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) andmesubjekt
andmesubjekt is any identified or identifiable natural person, whose isikuandmed is processed by the vastutav töötleja responsible for the töötlemine.
c) töötlemine
töötlemine is any operation or set of operations which is performed on isikuandmed, such as collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, alignment, piiramine, kustutamine or destruction.
d) piiramine of töötlemine
piiramine of töötlemine is the marking of stored isikuandmed with the aim of limiting their töötlemine in the future.
e) Profiling
Profiling means any form of automated töötlemine of isikuandmed consisting of the use of isikuandmed to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation is the töötlemine of isikuandmed in such a manner that the isikuandmed can no longer be attributed to a specific andmesubjekt without the use of additional information, provided that such additional information is kept separately.
g) vastutav töötleja
vastutav töötleja is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the töötlemine of isikuandmed.
h) volitatud töötleja
volitatud töötleja is a natural or legal person, public authority, agency or other body which processes isikuandmed on behalf of the vastutav töötleja.
i) vastuvõtja
vastuvõtja is a natural or legal person, public authority, agency or another body, to which the isikuandmed are disclosed, whether a kolmas isik or not.
j) kolmas isik
kolmas isik is a natural or legal person, public authority, agency or body other than the andmesubjekt, vastutav töötleja, volitatud töötleja and persons who are authorised to process isikuandmed.
k) nõusolek
nõusolek of the andmesubjekt is any freely given, specific, informed and unambiguous indication of the andmesubjekt's wishes by which he or she signifies agreement to the töötlemine of isikuandmed.

3. Serveri logifailid

When you access this veebisait, our hosting infrastructure automatically processes technical data required for delivery and security, such as IP address, date/time, requested URL, referrer, user agent, and response status. We do not use this data to identify you personally without a õiguslik alus.

4. Küpsised ja sarnased tehnoloogiad

Our website does not use cookies. We only use technically necessary storage (specifically sessionStorage under the key "aa.tax-planner.state.v1") to provide the calculator functionality and retain your settings during your browser session. We also use URL parameters for share links. Optional technologies, tracking cookies, or advertising scripts are not used on this website.

5. Hosting (Google Cloud)

We host our veebisait with Google Cloud Platform, a service provided by Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland ("Google"). All data collected on our veebisait is processed on Google's servers. Please note that Google uses so-called Anycast IP addresses for global delivery. Although these may appear as US addresses in IP databases, the actual data töötlemine (routing and server location) takes place in European data centers. As part of these services, data may be transferred to Google LLC in the USA. Data Transfer to the USA: Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF). The European Commission has determined that companies certified under the DPF provide an adequate level of andmekaitse (Art. 45 GDPR). This means that data transfers to Google LLC in the USA are currently permitted without additional safeguards. Additionally, Google employs Standard Contractual Clauses (SCCs) (Art. 46 (2) and (3) GDPR) as a safeguard for data transfers to third countries where an adequacy decision may not apply or as a fallback mechanism. These clauses oblige Google to comply with European andmekaitse standards. Andmetöötlusleping: We have concluded a Andmetöötlusleping (DPA) with Google (specifically the "Cloud Data töötlemine Addendum"), which legally obligates Google to protect our users' data and process it only in accordance with our instructions. For more information on Google's andmekaitse practices, please visit: https://policies.google.com/privacy and https://cloud.google.com/privacy/GDPR.

6. Content Delivery Network (Google Cloud CDN)

We use Google Cloud CDN to deliver our veebisait content securely and efficiently. This is a Content Delivery Network provided by Google. When you use our veebisait, your brauser establishes a connection to Google's servers, which may involve transferring your IP address and other technical data to the USA. We have concluded a Andmetöötlusleping with Google. Google is certified under the EU-U.S. Data Privacy Framework (DPF).

7. SSL/TLS krüpteerimine

See veebisait kasutab SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the brauser changes from "http://" to "https://" and by the lock symbol in your brauser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

8. Isikuandmete vastuvõtjad

We disclose isikuandmed only where necessary. Recipients may include hosting/CDN and security providers who process technical connection data on our behalf, and authorities where legally required.

töötlemine based on technically necessary veebisait functionality (including session storage for requested calculator features) is carried out on the basis of Art. 6(1) lit. f GDPR. If nõusolek is required for optional technologies, töötlemine is based on Art. 6(1) lit. a GDPR. For legal obligations, Art. 6(1) lit. c GDPR applies.

10. Õigustatud huvid

Our Õigustatud huvid include providing reliable calculator functionality, preserving user-entered settings during a session, protecting and securing the service, and troubleshooting technical issues.

11. Isikuandmete säilitamise periood

We store isikuandmed only as long as necessary for the respective purpose. SessionStorage data is generally deleted automatically at the end of the brauser session. Values contained in shared URLs remain until the URL is changed or deleted by you (e.g., brauser history). Server log retention is limited and follows operational/security needs and legal obligations of the hosting provider.

12. Isikuandmete rutiinne kustutamine ja blokeerimine

Me töötleme ja säilitame isikuandmed only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator. If the storage purpose is not applicable, or if a storage period expires, the isikuandmed are routinely blocked or erased.

13. Seadusest või lepingust tulenevad nõuded

The provision of isikuandmed is partly required by law (e.g. tax regulations) or can result from contractual provisions. The non-provision of the isikuandmed would have the consequence that the contract could not be concluded.

14. Automatiseeritud otsuste tegemise olemasolu

We do not use automatic decision-making or profiling.

15. Andmesubjekti õigused

a) Kinnitamise õigus
Each andmesubjekt has the right to obtain from the vastutav töötleja confirmation as to whether isikuandmed concerning him or her are being processed.
b) Juurdepääsuõigus
Each andmesubjekt has the right to obtain free information about isikuandmed stored at any time and a copy of this information, including the purposes of the töötlemine, categories of data concerned, recipients, storage period, and existence of rights to parandamine or kustutamine.
c) Parandamisõigus
Each andmesubjekt has the right to obtain without undue delay the parandamine of inaccurate isikuandmed and to have incomplete isikuandmed completed.
d) Kustutamisõigus (õigus olla unustatud)
Each andmesubjekt has the right to obtain from the vastutav töötleja the kustutamine of isikuandmed without undue delay where one of specific grounds applies, such as the data no longer being necessary for its original purpose.

e) Töötlemise piiramise õigus

Each andmesubjekt has the right to obtain piiramine of töötlemine where the accuracy of data is contested, the töötlemine is unlawful, or the andmesubjekt has objected to töötlemine.

The right to piiramine of töötlemine exists in the following cases:

  • If you dispute the accuracy of your isikuandmed stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the piiramine of the töötlemine of your isikuandmed.
  • If the töötlemine of your isikuandmed happened/is happening unlawfully, you can request the piiramine of data töötlemine instead of deletion.
  • If we no longer need your isikuandmed, but you need it to exercise, defend or assert legal claims, you have the right to request piiramine of the töötlemine of your isikuandmed instead of deletion.
  • If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the piiramine of the töötlemine of your isikuandmed.

If you have restricted the töötlemine of your isikuandmed, this data may – apart from its storage – only be processed with your nõusolek or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

f) Andmete ülekandmise õigus
Each andmesubjekt has the right to receive the isikuandmed concerning him or her in a structured, commonly used and machine-readable format, and to transmit those data to another vastutav töötleja.
g) Vastuväite esitamise õigus
Each andmesubjekt has the Vastuväite esitamise õigus, on grounds relating to his or her particular situation, at any time, to töötlemine of isikuandmed concerning him or her.
h) Automatiseeritud otsuste tegemine
Each andmesubjekt has the right not to be subject to a decision based solely on automated töötlemine, including profiling, which produces legal effects.
i) Nõusoleku tagasivõtmise õigus
Each andmesubjekt has the right to withdraw his or her nõusolek to töötlemine of isikuandmed at any time.
j) Kaebuse esitamise õigus
Each andmesubjekt has the Kaebuse esitamise õigus with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the töötlemine of isikuandmed relating to them infringes the GDPR.

Vastuväite esitamise õigus to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA töötlemine IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE töötlemine OF YOUR isikuandmed FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE õiguslik alus ON WHICH töötlemine IS BASED CAN BE FOUND IN THIS Andmekaitse. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR isikuandmed CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE töötlemine WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE töötlemine SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR isikuandmed IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE Vastuväite esitamise õigus AT ANY TIME TO THE töötlemine OF isikuandmed CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR isikuandmed WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).

16. Keeldumine reklaamkirjadest

The use of contact data published as part of the Impressum obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

This Andmekaitse was generated with the Andmekaitse generator of the German Association for andmekaitse.