Privacy Policy

The protection and security of your data is important to us. This privacy policy describes how we, SBB Coralsof Jersey City, New Jersey(“SBB Corals”, “we” or “us”) collect, store and process information about individual visitors to our website sbbcorals.com

This privacy policy only applies to website of SBB Corals on which this privacy policy is stored or from which reference is made to this privacy policy by means of a link (hereinafter: “website”). This privacy policy does not apply to linked website that are not owned and controlled by SBB Corals.

Commitment to data protection

Personal Information is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

In principle, we will only use your personal data in accordance with the applicable data protection lawsand only as described in this privacy policy.

Our principles

SBB Coralsrespects your right to privacy and is committed to the following key principles:

  • We protect your privacy and aim to provide you with a service that is tailored to your needs.
  • Personal Information is collected for specific purposes based on your consent or a legitimate interest when you contact us.
  • You have the right to information and access to your personal data at any time and may request its correction or deletion.
  • We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with partners and other service providers. In this case, their own privacy policies may also apply.
  • We take all reasonable measures to ensure the security and protection of your data from misuse.

Data Breaches/Notification

Databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Legal basis for the processing of personal data

In accordance with applicable data protection law, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:

  • consent, insofar as you have consented to the processing,
  • contract, insofar as the processing is necessary for the fulfilment of a contract or pre-contractual measures,
  • legal obligation, insofar as the processing is necessary for the fulfilment of a legal obligation incumbent upon us, and/or
  • legitimate interest, insofar as the processing is footed on our legitimate interest.

Security measures

SBB Corals has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by SBB Corals is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.

The SBB Corals website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.

Your Rights

You have the right to:

  • request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell;
  • request that we delete personal information that we collect from you, subject to applicable legal exceptions;
  • “opt out” of the “sale” of your “personal information” to “third parties”;

In addition, those who provide personal information to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to effect the opt out, please contact us.

Do Not Track

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.

 Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information. If applicable, you can choose whether you want this sharing or not. Remember, we don’t sell data that directly identifies you unless we have your explicit permission, no matter what choice you make. To make your choices, please contact us.

GDPR Specific Rights

If you are a European Union Citizen, you have the following rights:

  • You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.

You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.

  • In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand restriction of the processing of the data.
  • You have the right to obtain the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.
  • You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
  • You have the right to revoke any consent you have given in accordance with Art. 7 (3) of the GDPR with effect for the future.
  • You may object to the future processing of data relating to you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.

Data Subject Access Request

For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options: Ask you to confirm your identity, or ask you for more information about your request, and were permitted by law, refuse your request. (However, in this case we will explain the reasons for the refusal).

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information.

Data Protection when you visit our website

In the next sections we explain when and how we process personal data about you when you visit our website.

a) Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and the version used.
  • The user’s operating system
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites that are accessed by the user’s system via our website

The legal basis for the temporary storage of the data and the log files is our legitimate interest. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.  The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

b) Use of cookies

When visiting the website, so-called cookies are stored on your computer or device. Cookies are small text files in which the provider of a website stores data relevant to facilitate surfing on the website. Such a cookie cannot be read by any other website than the one that placed the cookie. SBB Corals does not store any of your personal data in the “cookies”. The maximum life of the cookie is 90 days. After this period has expired, the cookie is automatically deleted. A new cookie is set each time you visit the website. If a cookie exists, the information is updated. This corresponds to deleting and resetting the cookie.

The purpose of using technically necessary cookies is to simplify the use of website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

When calling up our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using cookies is our legitimate interest. For further information on Cookies please refer to our Cookie Policy.

c) Google Analytics

We use the Google Analytics service of the provider Google on our website.

Google Analytics is a web analytics service that enables us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies to analyse the use of our website. This involves the processing of personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.

Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with other services associated with the use of our website and the use of the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore consent. You can revoke this consent at any time with effect for the future.

d) Contacting us

If you contact us using our contact form or e-mail, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message.The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.

We use “Google reCAPTCHA” from Google Inc to check whether the data input in our contact form is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.

We use the communication tool Facebook Messenger on our website. The service provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The Facebook data processing condition, which corresponds to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy.

e) Account Registration

If you register on our website, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form for the purposes stated below. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is our legitimate interest in communicating with interested users and, in the case of contracts, also the storage of contract data. Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).

f) Convenience log in and sign up

We use the Third-party Connect feature from Facebook on our website. The service provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When registering via connect functions Facebook, you agree to the respective terms and conditions of Facebook and also consent to certain data from your respective profile of being transferred to us.

You can find out more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy.

The Facebook data processing condition, which corresponds to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

g) Contract fulfilment and data management in the context of service provision

We process various data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us.

If you have commissioned us to provide a service, we process your data and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship.This includes in particular our appropriate advice and support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations.

h) Payment systems

PayPal

If you choose the payment method Paypal, you will be redirected to Paypal. Payment processing takes place at 2211 North First Street, San Jose, CA, USA. The data processing thus serves the fulfilment of the contract. For further information on data protection law, please refer to PayPal’s Privacy Policy.

Credit/Debit Cards Payments/Buy now Pay Later

Payment by credit card and debit card is made via the payment service providerBread Financial Holdings, Inc. family of companies, including Comenity Bank, Comenity Capital Bank, and Lon Operations LLC. to which you pass on your payment details during the checkout, for payment processing. Your data will only be passed on for the purpose of payment processing with Stripe and only insofar as it is necessary for this purpose.The data processing thus serves the fulfilment of the contract.

Duration of data storage

We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.

Transfer of personal data

SBB Corals will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services, you have consented to the disclosure or the disclosure of data is permitted by relevant legal provisions.

SBB Corals is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by SBB Corals process your data exclusively in accordance with our instructions. SBB Corals remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.

Personal Information may also be disclosed to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil SBB Corals’ legitimate interests.

Social Media

We are present in various “social media” platforms (Facebook, Instagram, YouTube) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.

The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users. If you are asked by the respective providers for consent to data processing, the legal basis for processing is consent.

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must

  • log out of the respective network before visiting our website,
  • delete the cookies on your device and
  • close and restart your browser.

After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective

process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

Personal information and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.