top of page

PRIVACY POLICY

I INTRODUCTION AND TERMS

1. GENERAL

When operating our website with the URL www.thefatrat.com (hereinafter referred to as the "website"), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG). With these data protection provisions, we want to inform you about which personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data privacy.

2. NOTES

Our privacy policy contains technical terms that are used in the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1 Personal data
Personal data" means any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Details of an identified person can be, for example, their name or email address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their address or bank details, their date of birth or user name, their IP addresses and/or location data. All information that can be used to identify a person in any way is relevant here.

2.2 Processing
Art. 4 No. 2 GDPR defines "processing" as any operation which is performed on personal data. This applies in particular to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

II CONTROLLER AND PROTECTION OFFICER

3. CONTROLLER

Responsible for data processing is:

Company: Pharisade LTD ("we")
Legal representative: Svea Buettner

 

Address: Pharisade LTD

Archiepiskopou Makariou III, 49,

Office 1,

Yeroskipos

8200 Paphos


E-mail: management@pharisade.com

4. DATA PROTECTION OFFICER

Our company is not obliged to appoint a company data protection officer. If you have any questions or concerns about data protection on our website and in our company, you can contact us using the contact details above.

III PROCESSING FRAME

5. PROCESSING FRAMEWORK: WEBSITE

As part of the website, we process the personal data of you listed in detail below in Section IV. We only process data that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our website.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorized to issue instructions to our contractors. We use external service providers to host our website. We host our website with the external provider Wix (address: Wix.com Ltd., Nemal St. 406350671 Tel Aviv, Israel) in the data center location United States, Ireland, Israel, Japan. If other external service providers are used for individual processing operations listed in Section IV, they will be named there.

We do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing described below. Any data transfer to third countries then takes place on the basis of the so-called EU standard contractual clauses.

IV PROCESSING DETAIL

6. PROVISION OF THE WEBSITE AND SERVER LOG FILES

6.1 Description of processing
Each time you visit the website, we automatically collect information that your browser transmits to our server. This is the following data:

·     IP address

·     Browser software used, as well as its version and language

·     Operating system

·     the website from which visitors came to the website (so-called referrer)

·     the subpages accessed on the website

·     Country and location from which a user visited the website

These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the user's end device. For this purpose, the user's IP address must remain stored for the duration of the session.  Your IP address is also recorded in the log files for security reasons to prevent attacks on our website (in particular so-called DDoS attacks) and to prevent fraud.

6.2 Purpose

The purpose of processing is to enable the website to be accessed and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the legitimate interest described in Section 6.2 named purpose.

6.4 Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the
case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 10 days.

7. COOKIES

7.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user's device when visiting a website. Cookies contain information that enables the recognition of an end device and possibly certain functions of a website. We differentiate between our own cookies and external, so-called third-party cookies. So-called "session cookies" and "persistent cookies" are used on our website. "Session cookies" are automatically deleted when you end your internet session and close the browser. Persistent cookies remain stored on your end device for a longer period of time. If cookies are technically necessary for the operation of our website, your consent is not required. All other cookies that are not technically necessary are only set after you have actively consented to the use of cookies via our consent tool. We use the service Wix to obtain and document consent. The consent tool stores your selection itself in a cookie on your end device. This means that you do not need to make a decision about cookies again when you visit our website again.

You can find out which cookies are used on our website and for what purpose, how long they are stored on your end device and what consent you may have already given in the settings of the consent tool Wix.

7.2 Purpose
We use cookies to make our website more user-friendly and to fulfill the purposes described in section 7.1 described functions.

7.3 Legal basis
The processing is necessary with regard to technically required cookies and the use of the consent tool to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG). Our legitimate interest lies in the legitimate interest described in section 7.2 named purpose. The legal basis for the processing of all other cookies - i.e. cookies that are not technically necessary - is consent (Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG). Such consent is voluntary.

7.4 Storage period, revocation of consent
Cookies are automatically deleted at the end of a session or at the end of the specified storage period. As cookies are stored on your end device, you as the user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted. This can also be done automatically. If cookies are deactivated, deleted or restricted for our website, it may be that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you have given to the use of cookies at any time in the settings of the consent tool Wixwith effect for the future.

7.5 Recipients
When cookies are used, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and the transfer to third countries in the settings of the consent tool or in the corresponding section on the third-party service in this privacy policy.

8. CONTACT FORM AND CONTACT BY E-MAIL

8.1 Description of the processing
We have provided a contact form on our website for contacting us. In this form, you are asked to enter your e-mail address, your name and a message to us. When you click the "Send" button, the data will be transmitted using SSL encryption (see section 15.) is transmitted to us. The contact form can only be transmitted if you confirm that you have taken note of this privacy policy by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. To contact us, you can write to us using the e-mail address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

8.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.

8.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the legitimate interest described in Section 8.2 named purpose. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).

8.4 Storage period
We delete the data as soon as it is no longer required for the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication ends when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period has expired.

9. NEWSLETTER

9.1 Description of the processing
We send out a newsletter at irregular intervals. We use the newsletter to inform you about offers and news. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe by filling out and submitting a newsletter registration form on our website.

Only your e-mail address is required to subscribe to the newsletter. All other details (such as your first name and surname) are voluntary and are used solely to personalize the emails. We use the so-called double opt-in procedure to carry out and verify newsletter registrations. Registration takes place in several steps. First, you register for the newsletter on our website. You will then receive an e-mail from us at the e-mail address you have provided. In this e-mail, we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. Confirmation is provided by clicking on a confirmation link in the e-mail. Only after successful confirmation will we add you to our newsletter mailing list and send you future e-mails. As part of the double opt-in procedure, we store the date, time and your IP address both when you register and when you confirm.

9.2 Purpose
Processing is carried out in order to offer the newsletter function and to be able to send newsletter emails to subscribers. The collection and storage of the date, time and IP addresses when subscribing to the newsletter serves to document the consent given and to protect against the misuse of email addresses.

9.3 Legal basis
The processing of our subscriber newsletter is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent is voluntary. The collection and storage of date, time and IP addresses when registering for the newsletter is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the legitimate interest described in Section 9.2 named purpose.

9.4 Storage period and revocation of consent
If you do not confirm your registration for our newsletter within 24 hours of receiving the corresponding registration email, your data will be deleted automatically. We process your personal data for the duration of your newsletter subscription. You can unsubscribe from our newsletter at any time by withdrawing your consent. A simple declaration is sufficient for this (by e-mail to management@pharisade.com or by post to Pharisade LTD, Tepeleniou 13 2nd floor 8010 Paphos Cyprus). You can also unsubscribe from the newsletter by clicking on the unsubscribe link in every newsletter e-mail. If you withdraw your consent, we will no longer send you newsletters and your personal data will be removed from our active mailing list. We will add your e-mail address to our so-called black list to a limited extent in order to enforce your revocation. This enables us to ensure that you do not receive any newsletters from us in future and that your e-mail address is not misused by third parties.

9.5 Recipients and transfer to third countries

We use the services of the newsletter provider WIX Sendgird & Sparkpost to manage our newsletter mailing list and to send the emails. This takes place within the framework of order processing. WIX Sendgird & Sparkpost is an offer from Wix.com Ltd, Nemal St. 40, 6350671 Tel Aviv, Israel. Further information on data protection at WIX Sendgird & Sparkpost can be found at https://de.wix.com/about/privacy.

10. SOCIAL NETWORKS

10.1 Description of the processing
Our website does not use any social media plugins. The Facebook, Instagram, Twitter and YouTube logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. Data is not transmitted to the social networks when the logos are integrated. If you click on one of the logos, you will only be redirected to the external website of the respective social network.

However, our profiles within the social networks represent data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment on, "share", "like" or "retweet" a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us.

On the social networks Facebook and Instagram, we have the option of obtaining statistical data about the use of our Facebook page or our Instagram profile via the so-called "Insights" function. These statistics are provided by Facebook and Instagram. The "Insights" function cannot be disabled. We cannot decide to switch this function on or off. It is available to all Facebook fan page operators and all operators of an Instagram business account, regardless of whether you use the Insights function or not.

We are provided with the following data in anonymized form via Facebook Insights for a selectable period of time with regard to fans, subscribers, persons reached and interacting persons: Total number of page views, "Like" information including origin, page activity, post interactions, reach, post reach (divided into organic, viral and paid interactions), comments, shared content, replies and demographic evaluations, i.e. country of origin, gender and age. The Insights statistics do not allow us to identify subscribers and fans of our site and view their profiles.

Furthermore, Instagram Insights provides us with data in anonymized form about the development and reach of our Instagram profile, as well as the posts, stories and videos we post there. In Instagram Insights, we also receive statistical information on the place of origin, gender and age of the subscribers to our Instagram profile.

The social networks with which you communicate store your data using pseudonyms as user profiles and use them for advertising and market research purposes. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. As a rule, cookies are used for this purpose, which the social network stores on your end device. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the social networks directly.

10.2 Purpose
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the "Insights" function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

10.3 Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the data processing described in Section 10.2 named purpose. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a GDPR.  With regard to our presence on Facebook and Instagram, data processing is carried out on the basis of joint responsibility in accordance with Art. 26 GDPR.

10.4 Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.

The social networks also process your personal data in the USA.

11. YOUTUBE

11.1 Description of processing
Our website uses services from "YouTube", a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as
"YouTube"). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames so that they can be played directly on our website. The videos are embedded in the "extended data protection mode" offered by YouTube, i.e. no personal data is transferred from you to Google as long as you do not play the videos. Only when you play a video is data transmitted to Google, over which we have no influence. If you play an embedded video on a subpage of our website, Google will be informed which subpage you have visited and which video you have watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will assign this information to your user account. Google stores your data as user profiles and uses them for advertising purposes, for market research and/or for the needs-based design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google directly. Further information on data protection at Google can be found at www.google.com/intl/de-DE/policies/privacy/.

11.2 Purpose
The processing takes place in order to be able to show you videos on our website.

11.3 Legal basis
The processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. This is obtained by us via the consent tool Wix Forms (see section 7.1) or as part of a content blocker at the point on our website where a YouTube video is to be displayed. Such consent is voluntary.

11.4 Revocation of consent
You can withdraw your consent to the display of YouTube videos on our website at any time in the settings of the consent tool Wix Forms with effect for the future.

11.5 Recipients and transmission to third countries
By integrating YouTube, personal data may be transmitted to YouTube LLC or Google. Google also processes your personal data in the USA.

12. SOUNDCLOUD

12.1 Description of processing
Our website uses services from "Soundcloud", a platform for audio material operated by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany. We use Soundcloud by embedding individual audio files or playlists from the platform on our website as an iFrame so that they can be played directly on our website. When you visit a subpage of our website on which an audio file is embedded, a connection to the Soundcloud servers is established and the audio file is displayed on our website. This tells Soundcloud which website you have visited. Your IP address may also be transmitted to Soundcloud. If you play an embedded audio file, this information will also be passed on to Soundcloud. If you are logged in as a Soundcloud user, Soundcloud assigns this data to your user account. Further information on data protection at Soundcloud can be found at soundcloud.com/pages/privacy.

12.2 Purpose
The processing takes place in order to be able to integrate playable audio files or playlists from Soundcloud on our website.

12.3 Legal basis
The processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. This is obtained by us via the consent tool Wix Forms (see section 7.1) or as part of a content blocker at the point on our website where a Soundcloud audio file is to be displayed. Such consent is voluntary.

12.4 Revocation of consent
You can revoke your consent to the display of Soundcloud audio files on our website at any time in the settings of the consent tool Wix Forms with effect for the future.

12.5 Recipients
By using the Soundcloud service, personal data may be transmitted to the company SoundCloud Global Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany.

13. SPOTIFY

13.1 Description of the processing
Our website uses plugins from "Spotify", an audio streaming platform operated by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. An overview of the Spotify plugins can be found at: developer.spotify.comWe use Spotify by embedding individual audio files, albums or playlists from the platform on our website as so-called iFrame, so that they can be played directly on our website as a stream. When you visit a subpage of our website on which a Spotify plugin is embedded, a connection to the Spotify servers is established and the plugin is displayed within our website. This tells Spotify which website you have visited. Your IP address may also be transmitted to Spotify. If you play an embedded audio file, an album or a playlist, this information will also be passed on to Spotify. If you are logged in as a Spotify user, Spotify will assign this data to your user account. If you do not want Spotify to be able to assign your visit to our website to your Spotify user account, please log out of your Spotify user account. You can find further information on data protection at Spotify at www.spotify.com/de/legal/privacy-policy

13.2 Purpose
The processing takes place in order to be able to integrate playable audio files, albums or playlists from Spotify on our website.

13.3 Legal basis
The processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. This is obtained by us via the consent tool Wix Forms (see section 7.1) or as part of a content blocker at the point on our website where a Spotify plugin is to be displayed. Such consent is voluntary.

13.4 Revocation of consent
You can revoke your consent to the display of Spotify plugins on our website at any time in the settings of the consent tool Wix Forms with effect for the future.

13.5 Recipients and transfer to third countries
By using the Spotify service, personal data may be transferred to the company Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Spotify also processes this data on servers outside the EU.

 

14. CONTENT DELIVERY NETWORK (CDN)

14.1 Description of the processing
Our website uses so-called Content Delivery Networks (CDN). CDNs shorten the loading time of common JavaScript libraries because the files are transferred
 from fast, local or underutilized servers of external service providers. Another advantage compared to storing the JavaScript libraries locally on our server is that the files are regularly checked for security and kept up to date by the external service providers. We have integrated JavaScript libraries from the external service provider to implement some programming functions on our website. When you visit our website, a connection is established to the servers of the aforementioned external services and the JavaScript library is loaded into our website. This tells the external service provider which website you have visited.

14.2 Purpose
The purpose of processing is to shorten the loading time of our website and to be able to integrate JavaScript and libraries quickly and securely.

14.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the legitimate interest described in Section 14.2 named purpose.

14.4 Recipients and transmission to third countries By integrating the JavaScript libraries, your data is transmitted to one of the following CDNs: Amazon Web Services, Fastly, Inc. and Google Cloud.

15. DONATIONS

15.1 Description of the processing

You have the opportunity to support Children in the manila dump mountains with a donation via our website. We provide a link to the PayPal donation form on our website. The donation form is operated by PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg.

You can choose whether you would like to make a one-off or recurring donation (monthly, quarterly or annually) and whether you would like a donation receipt. We will send the latter by e-mail once a year. We collect your first name, surname and e-mail address as part of the donation form. This data is stored in our donation accounting system together with information on the receipt of payment to our account. The SEPA direct debit and Paypal payment methods are available for donations. As a registered user, you can maintain your data and manage your donations in your account. If you click on the "Donate now" button in the donation form, you will be redirected to the payment provider PayPal if you select the PayPal payment method.

15.2 Purpose

The processing is carried out to complete and process your donation.

15.3 Legal basis

The processing is necessary for the conclusion and fulfillment of a contract for your donation, Art. 6 para. 1 lit. b GDPR. This also applies to the forwarding of the data required to process payments to the respective payment service provider.

15.4 Storage period

Due to charitable and tax law requirements, we are obliged to store your address, payment and donor data for a period of ten years in relation to a respective donation. Your data will be deleted immediately after expiry of the statutory retention periods.

15.5 Recipients

In order to process your donation, personal data will be forwarded to one of the external payment service providers listed below and selected by you as part of your donation:

 

V SECURITY MEASURES

 

16. Security measures

 To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize active SSL or TLS encryption by a small padlock logo that is displayed on the far left in the address bar of the browser.

VI YOUR RIGHTS

17. Rights of data subjects

With regard to the data processing described above by our company, you have the following rights as a data subject:

17.1 Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR under the conditions specified in Art. 15 GDPR.

17.2 Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.

17.3 Deletion (Art. 17 GDPR)
You have the right to demand that we delete personal data concerning you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes we are pursuing.

17.4 Restriction of data processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that enables us to verify the accuracy of your data.

17.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request that the data concerning you be handed over to you in a structured, commonly used and machine-readable format.

17.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your consent at any time if the processing is based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. Withdrawal of consent therefore does not retroactively render the processing unlawful.

17.7 Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.

17.8 Prohibition of automated decision-making/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We hereby inform you that we do not use automated decision-making, including profiling, with regard to your personal data.

17.9 Right to object (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 para. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies if there are grounds relating to your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case - regardless of a particular situation - you have the right to object to the processing of your personal data for direct marketing purposes at any time.

Status: July 2024

bottom of page