Personal Information is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
SBB Coralsrespects your right to privacy and is committed to the following key principles:
Databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
In accordance with applicable data protection law, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:
The SBB Corals website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
You have the right to:
In addition, those who provide personal information to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to effect the opt out, please contact us.
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
We do not sell information that directly identifies you, like your name, address, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information. If applicable, you can choose whether you want this sharing or not. Remember, we don’t sell data that directly identifies you unless we have your explicit permission, no matter what choice you make. To make your choices, please contact us.
If you are a European Union Citizen, you have the following rights:
You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options: Ask you to confirm your identity, or ask you for more information about your request, and were permitted by law, refuse your request. (However, in this case we will explain the reasons for the refusal).
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
In the next sections we explain when and how we process personal data about you when you visit our website.
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
The legal basis for the temporary storage of the data and the log files is our legitimate interest. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
When visiting the website, so-called cookies are stored on your computer or device. Cookies are small text files in which the provider of a website stores data relevant to facilitate surfing on the website. Such a cookie cannot be read by any other website than the one that placed the cookie. SBB Corals does not store any of your personal data in the “cookies”. The maximum life of the cookie is 90 days. After this period has expired, the cookie is automatically deleted. A new cookie is set each time you visit the website. If a cookie exists, the information is updated. This corresponds to deleting and resetting the cookie.
Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.
We use the Google Analytics service of the provider Google on our website.
Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.
Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with other services associated with the use of our website and the use of the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore consent. You can revoke this consent at any time with effect for the future.
If you contact us using our contact form or e-mail, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message.The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.
We use “Google reCAPTCHA” from Google Inc to check whether the data input in our contact form is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.
We use the communication tool Facebook Messenger on our website. The service provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The Facebook data processing condition, which corresponds to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
If you register on our website, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form for the purposes stated below. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is our legitimate interest in communicating with interested users and, in the case of contracts, also the storage of contract data. Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).
We use the Third-party Connect feature from Facebook on our website. The service provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When registering via connect functions Facebook, you agree to the respective terms and conditions of Facebook and also consent to certain data from your respective profile of being transferred to us.
The Facebook data processing condition, which corresponds to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
We process various data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us.
If you have commissioned us to provide a service, we process your data and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship.This includes in particular our appropriate advice and support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations.
Payment by credit card and debit card is made via the payment service providerBread Financial Holdings, Inc. family of companies, including Comenity Bank, Comenity Capital Bank, and Lon Operations LLC. to which you pass on your payment details during the checkout, for payment processing. Your data will only be passed on for the purpose of payment processing with Stripe and only insofar as it is necessary for this purpose.The data processing thus serves the fulfilment of the contract.
We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
SBB Corals will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services, you have consented to the disclosure or the disclosure of data is permitted by relevant legal provisions.
SBB Corals is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by SBB Corals process your data exclusively in accordance with our instructions. SBB Corals remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.
Personal Information may also be disclosed to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil SBB Corals’ legitimate interests.
We are present in various “social media” platforms (Facebook, Instagram, YouTube) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).
We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.
The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users. If you are asked by the respective providers for consent to data processing, the legal basis for processing is consent.
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must
After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective
process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.