Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal data. This includes, for example, the number of users of a website.
In the next sections we explain when and how we process Personal data about you when you visit our website.
We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your Personal data is Art. 6 (1) f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your device.
To provide our website, we use the services of WordPress a service provided by Automattic Inc who process the above-mentioned data and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf. The legal basis for the data processing is our legitimate interest in providing our website in accordance with Art. 6 (1) f) GDPR.
We also use the Content Management System (CMS) of WordPress to publish and maintain the created and edited Content and texts on our website and to provide the forms used. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. The legal basis for this processing is our legitimate interestin accordance with Art. 6 (1) f) GDPR.
Enquiries via phone, contact form, e-mail or social media may include your name, address, e-mail address, the subject of your contact and your message and your phone number if provided. We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your Personal data is Art. 6 (1) b) GDPR.
We store and process information that you give us as part of a donation primarily for the purpose of carrying out the collection of donations that you have instructed us to do. Your donation will be processed through the payment service provider Stripe, as described below and the payment data will not be passed on to any other third parties. The data collected is required for carrying out the donation. The user's e-mail address is required to confirm receipt of the donation. The data will not be used for any other purpose. The legal basis for the processing of your personal data is Art. 6 (1) b) GDPR.
If you make a donation your payment will be processed via the payment service provider Stripe and your Personal data will be processed through the payment system of Stripe. As such Stripe transmits the payment data to process your donation. The legal basis for the processing of your Personal data is the establishment and implementation of the user contract for the use of the service in accordance with Art. 6 (1) b) GDPR
We may also process your Personal data in the context of administrative tasks as well as organisation of our operations, financial accounting, offline donations, and compliance with legal obligations, such as archiving Art. 6 (1) c) GDPR. In this regard, we process the same data that we process in the course of providing our contractual services Art. 6 (1) b) GDPR.
We send newsletters, e-mails and other electronic notifications with promotional information without the use of a newsletter dispatch service provider and only with the consent of the recipients or a legal permission. Apart from that, our newsletters contain information about our Phoenix Bar, our cause, and Flaming Phoenix. Every directly addressed e-mail sent or made by us will include a means by which you may unsubscribe or opt out. The legal basis is your consent (Art. 6 (1) a) GDPR) as well as our legitimate interest (Art. 6 (1) f) GDPR).
Flaming Phoenix will not disclose or otherwise distribute your Personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 (1) b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 (1) a) GDPR) or the disclosure of data is permitted by relevant legal provisions.
Flaming Phoenix is entitled to outsource the processing of your Personal data in whole or in part to external service providers acting as processors for Flaming Phoenix within the framework of the DPA and the GDPR. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services and donations as indicated above, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by Flaming Phoenix process your data exclusively in accordance with our instructions. Flaming Phoenix remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Flaming Phoenix' legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).
Your Personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 6 years). We then delete your Personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.
Flaming Phoenix is entitled to process your Personal data insofar as this is necessary to fulfil legal obligations. For this purpose, Flaming Phoenix may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 (1) (c) GDPR for compliance with a legal obligation to which we are subject. Flaming Phoenix is further entitled to process Personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of Flaming Phoenix, our staff, or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of Flaming Phoenix pursuant to Art. 6 (1) (f) GDPR. Insofar as the disclosure of health data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.
Our main operations are based in the UK and the EEA, and your Personal data is generally processed, stored and used in the UK and the EEA. In some instances, your Personal data may be processed outside the UK and the EEA. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your Personal data is protected in the same way as if it was being used within the UK and the EEA.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. These rights are standardised in the DPA and the GDPR and includes:
You can assert your rights by notifying me using the contact details provided.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal Personal data about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your Personal data.
We encourage you to get in touch if you have any concerns with how we collect or use your Personal data. You do however also have the right to lodge a complaint. The Information Commissioner`s Office (ICO), which is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK and their website can be found at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority.
To ensure the security and confidentiality of the personal data we collect on the website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your Personal data, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction and to ensure its availability.
We maintain online presences in Facebook, LinkedIn, Instagram, Twitter on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with users, supporters, and interested users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.We would like to point out that you use these platforms and their functions on your own responsibility, in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose Personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of Personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.
This Policy and our commitment to protecting the privacy of your Personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.
Any comments or queries on this policy should be directed to us using the following contact details.
+44 (0) 203 745 2613
167-167 Great Portland Street, 5th Floor, London, W1W 5PF
Company Number: 13395523
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.