Last updated: March 2026
At The Fiscal Flow, we are committed to protecting your personal data and respecting your privacy. This page explains how we comply with the General Data Protection Regulation (GDPR) – the European Union's data protection law – and what rights you have regarding your personal information.
This GDPR Compliance page works alongside our Privacy Policy, Cookie Policy, and Terms and Conditions. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, this page applies specifically to you.
TABLE OF CONTENTS
- 1. Who We Are (Data Controller)
- 2. Our Legal Basis for Processing Data
- 3. Your Rights Under GDPR
- 4. How to Exercise Your Rights
- 5. Data We Collect and Why
- 6. Cookies and Consent
- 7. International Data Transfers
- 8. Data Security Measures
- 9. Data Retention
- 10. Third-Party Processors
- 11. Automated Decision-Making
- 12. Children's Data
- 13. Data Breaches
- 14. Supervisory Authority
- 15. Updates to This Page
- 16. Contact Us
1. WHO WE ARE (DATA CONTROLLER)
Under GDPR, The Fiscal Flow is the data controller of your personal information. This means we determine why and how your personal data is processed.
If you have any questions about how we handle your data, please contact us using the information in Section 16.
2. OUR LEGAL BASIS FOR PROCESSING DATA
Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
| Processing Activity | Legal Basis | Explanation |
|---|---|---|
| Website operation and security | Legitimate interests | We need to process certain data to keep our website secure and functioning properly. This is in our legitimate interest and does not override your rights. |
| Analytics (Google Analytics) | Consent | We use cookies and similar technologies to understand how visitors use our site. In the EEA/UK, we ask for your consent before placing non-essential cookies. |
| Advertising (Google AdSense) | Consent | If we display personalized ads, we obtain your consent before using cookies for advertising purposes. |
| Email communication (if applicable) | Consent or Contract | If you subscribe to a newsletter, we rely on your explicit consent. If you contact us directly, we process your data to respond to your inquiry. |
| Comments | Consent | When you leave a comment, you voluntarily provide your name and email, and we process this data with your consent. |
Legitimate Interests Assessment: Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. Our legitimate interests include:
- Improving and optimizing our website
- Protecting our website from security threats
- Understanding how visitors engage with our content
- Responding to inquiries and comments
3. YOUR RIGHTS UNDER GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:
| Right | What It Means | How to Exercise |
|---|---|---|
| Right to be Informed | You have the right to be informed about the collection and use of your personal data. | This page and our Privacy Policy provide this information. |
| Right of Access | You can request a copy of the personal data we hold about you. | Contact us via email. We will respond within 30 days. |
| Right to Rectification | You can ask us to correct inaccurate or incomplete data. | Contact us with the correct information. |
| Right to Erasure (Right to be Forgotten) | You can request deletion of your personal data, subject to certain conditions. | Contact us. We will delete data unless we have a legal obligation to retain it. |
| Right to Restrict Processing | You can ask us to limit how we use your data. | Contact us with your request. |
| Right to Data Portability | You can request a copy of your data in a machine-readable format. | Contact us. We will provide your data in a commonly used format. |
| Right to Object | You can object to processing based on legitimate interests or direct marketing. | Contact us. For marketing, we will stop immediately. |
| Rights Related to Automated Decision-Making | You have rights regarding decisions made solely by automated means. | See Section 11 – we do not use automated decision-making. |
| Right to Withdraw Consent | If we rely on consent, you can withdraw it at any time. | Use cookie settings or contact us. |
These rights are not absolute and may be subject to certain exceptions under applicable law. We will respond to all legitimate requests within 30 days.
4. HOW TO EXERCISE YOUR RIGHTS
To exercise any of your GDPR rights, please contact us using one of these methods:
- Email: thefiscalflow2026@gmail.com (with "GDPR Request" in the subject line)
- Contact form: Visit our Contact Us page
To help us respond quickly, please include:
- Your full name
- Your email address used on our site (if applicable)
- A clear description of the right you wish to exercise
- Any specific information relevant to your request
We may need to verify your identity before processing your request. This is a security measure to ensure we don't disclose your data to unauthorized persons.
We will respond to your request within 30 days. If your request is complex or you have made multiple requests, we may extend this period by an additional 60 days, but we will notify you if this is the case.
All requests are free of charge. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
5. DATA WE COLLECT AND WHY
Under GDPR, we must be transparent about what data we collect and why. Here is a complete breakdown:
| Data Category | Specific Data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|---|
| Usage Data | IP address, browser type, pages visited, time spent, referring website | Analyze site traffic, improve content, understand user behavior | Consent (via cookie banner) | 26 months (Google Analytics default) |
| Cookie Data | Preferences, session information, advertising identifiers | Site functionality, analytics, advertising | Consent (for non-essential cookies) | Varies by cookie type |
| Contact Information | Name, email address, message content | Respond to inquiries, provide customer support | Legitimate interests (to respond to you) | Until request is resolved + 1 year |
| Comment Data | Name, email address, comment content, IP address | Allow comments, prevent spam | Consent (when you submit a comment) | Indefinitely (unless deletion requested) |
| Newsletter Data | Email address, name (optional) | Send blog updates and content (if we offer newsletter) | Consent | Until unsubscribe |
Note: We do NOT collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data).
6. COOKIES AND CONSENT
Under the ePrivacy Directive (EU Cookie Law) and GDPR, we must obtain your consent before placing non-essential cookies on your device.
Cookie Consent Mechanism
When you first visit our Site from the EEA/UK, you will see a cookie consent banner that:
- Clearly explains we use cookies
- Asks for your consent to place non-essential cookies
- Provides granular options to accept or reject different cookie categories
- Links to our Cookie Policy for more information
Essential cookies (those necessary for the Site to function) are placed automatically. All other cookies require your explicit consent.
Withdrawing Consent
You can withdraw your consent at any time by:
- Using the cookie settings link in our footer (if available)
- Clearing cookies in your browser settings
- Contacting us directly
For complete details about the cookies we use, please see our Cookie Policy.
7. INTERNATIONAL DATA TRANSFERS
The Fiscal Flow is hosted on Blogger, a Google platform. Google processes data globally, which may involve transferring your personal data outside the European Economic Area (EEA), including to the United States.
Safeguards for International Transfers
When your data is transferred outside the EEA, we ensure appropriate safeguards are in place:
| Recipient | Location | Safeguard |
|---|---|---|
| Google (Blogger, Analytics, AdSense) | USA and globally | Google is certified under the EU-US Data Privacy Framework and uses Standard Contractual Clauses (SCCs) approved by the European Commission. |
You can learn more about Google's data transfer safeguards at https://policies.google.com/privacy/frameworks.
By using our Site and providing your data, you acknowledge that your information may be transferred to and processed in countries outside your country of residence, which may have different data protection laws.
8. DATA SECURITY MEASURES
We take the security of your personal data seriously. Under GDPR, we are required to implement appropriate technical and organizational measures to protect your data. Here's what we do:
Technical Measures
- HTTPS encryption: Our entire Site uses HTTPS, encrypting all data transmitted between your browser and our servers.
- Secure hosting: Blogger (Google) implements robust security measures to protect data.
- Regular updates: We keep our platform and any plugins up to date.
Organizational Measures
- Access controls: Only necessary personnel have access to personal data.
- Data minimization: We collect only the data we need.
- Staff training: We understand our GDPR obligations.
- Breach response plan: We have procedures in place to handle potential data breaches.
While we implement these measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will do everything reasonably possible to protect your data.
9. DATA RETENTION
We retain your personal data only as long as necessary for the purposes we collected it, including to satisfy legal, accounting, or reporting requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Analytics data | 26 months | Google Analytics default retention period |
| Contact form submissions | 1 year after resolution | To maintain records of communications |
| Comments | Indefinitely (until deletion requested) | Comments are part of blog content; we will remove upon request |
| Email subscriptions | Until unsubscribe | To provide the requested service |
| Cookie consent records | 1 year | To document consent as required by law |
When we no longer need your data, we will securely delete or anonymize it. If deletion is not possible (for example, because your data is stored in backup archives), we will securely isolate it until deletion is possible.
10. THIRD-PARTY PROCESSORS
We work with trusted third-party service providers who process personal data on our behalf. Under GDPR, we have data processing agreements with all such providers to ensure your data is protected.
| Third Party | Service | Data Processed | GDPR Compliance | Privacy Policy |
|---|---|---|---|---|
| Google (Blogger) | Website hosting platform | All data processed through the Site | Yes – certified under EU-US DPF | policies.google.com/privacy |
| Google Analytics | Website analytics | Usage data, IP address (anonymized) | Yes – certified under EU-US DPF | policies.google.com/privacy |
| Google AdSense | Advertising (if used) | Cookie data, advertising identifiers | Yes – certified under EU-US DPF | policies.google.com/privacy |
We have reviewed each provider's GDPR compliance and signed Data Processing Agreements where required. If you would like more information about these third parties, please contact us.
11. AUTOMATED DECISION-MAKING
Under GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
The Fiscal Flow does NOT engage in any automated decision-making or profiling that produces legal or similarly significant effects.
Any personalization you experience on our Site is based on your explicit choices (such as cookie consent) and does not involve automated decisions that significantly affect you.
12. CHILDREN'S DATA
Our Site is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
13. DATA BREACHES
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (as required by GDPR Article 34)
- Document all breaches, including facts, effects, and remedial actions taken
To date, The Fiscal Flow has not experienced any personal data breaches.
14. SUPERVISORY AUTHORITY
Under GDPR, you have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data properly.
We encourage you to contact us first so we can address your concerns directly. However, you have the right to contact your local data protection authority at any time.
European Data Protection Authorities
- UK (ICO): https://ico.org.uk
- Ireland (DPC): https://www.dataprotection.ie
- Germany (BfDI): https://www.bfdi.bund.de
- France (CNIL): https://www.cnil.fr
- Other EU countries: Find your authority at https://edpb.europa.eu
15. UPDATES TO THIS PAGE
We may update this GDPR Compliance page from time to time to reflect changes in:
- Our data processing practices
- Legal or regulatory requirements
- Guidance from supervisory authorities
- Interpretations of GDPR by courts
When we make changes, we will revise the "Last updated" date at the top of this page. If the changes are significant, we may provide more prominent notice (such as a banner on our homepage).
We encourage you to review this page periodically to stay informed about how we protect your data and comply with GDPR.
16. CONTACT US
If you have any questions about this GDPR Compliance page, our data protection practices, or wish to exercise your rights, please contact us:
- Email: thefiscalflow2026@gmail.com (please include "GDPR" in the subject line for faster handling)
- Through our Site: Visit our Contact Us page
- Response time: We aim to respond within 30 days
GDPR COMPLIANCE SUMMARY
At a glance, here's how we protect your GDPR rights:
| Requirement | Our Compliance |
|---|---|
| Lawful basis for processing | ✓ Consent, Legitimate Interests, Contract (see Section 2) |
| Consent mechanism | ✓ Cookie banner with granular options and the ability to withdraw consent |
| Data minimization | ✓ We collect only what we need |
| Transparency | ✓ This page + Privacy Policy + Cookie Policy |
| Data subject rights | ✓ We honor all GDPR rights (see Section 3) |
| Data security | ✓ HTTPS, access controls, breach procedures |
| International transfers | ✓ Safeguards in place (SCCs, EU-US DPF) |
| Data Protection Officer (DPO) | Not required for our scale, but we have a dedicated contact |
