beta
1. GENERAL PROVISIONS
Coral Club respects your privacy. Therefore, we collect and use your personal data only to the extent necessary to provide you with world-class products and services, as well as websites and mobile applications (collectively, the "Services"). Personal data includes the following information:
Our Privacy Policy explains what data we collect and how we do it, as well as how and why we use your personal data. It also describes the options available to you for accessing, processing, modifying, and managing your personal data.
If you have any questions regarding the methods we use or your rights described below, you can contact our support service at support.cy@coral-club.com. We continuously monitor emails sent to this address to provide you with a level of service you can always rely on.
We have also created a Privacy Center that provides answers to frequently asked questions, links for quick access to account settings, instructions for exercising some of your rights, and definitions of key terms and concepts used in this Privacy Policy.
2. What Information We Collect
We collect personal data only to the extent necessary to provide our services, fulfill contractual or legal obligations, based on your consent, or to protect our legitimate interests (Art. 6 para. 1 lit. a, b, c, f GDPR). When storing or accessing information on end devices, the requirements of § 25 TTDDG (formerly TTDSG) also apply.
Web Hosting (Art. 6 para. 1 lit. f GDPR): We use a European hosting provider to operate this website. The IP address and server log files are processed on our behalf. A Data Processing Agreement (Art. 28 GDPR) is in place with the provider. Server locations: EU/EEA; for data transfers to third countries, we apply Art. 45/46 GDPR (DPF/SCC).
When Visiting the Website (Server Log Files) (Art. 6 para. 1 lit. f GDPR): Your browser transmits technically necessary information (e.g., IP address, date/time, browser/OS, referrer URL). The IP address is stored in log files for a maximum of 30 days and then automatically deleted (for IT security, stability, and error analysis purposes).
Contact Form / Email (Art. 6 para. 1 lit. b for contract-related inquiries; otherwise lit. f GDPR): We collect only necessary information (Art. 5 para. 1 lit. c GDPR). Required fields: Club number, name, email, message. Optional: phone number (for faster response). Alternatively, you may contact us directly by email; data will be deleted after completion unless legal retention requirements apply.
User Account (Club Membership) (Art. 6 para. 1 lit. b GDPR): For the optional account, we collect your email address, first and last name, and address. Optional: phone number, gender. Date of birth is collected only if necessary for age or identity verification (e.g., for certain payment methods). Account deletion can be requested via datenschutz@coral-club.com; legal retention obligations remain unaffected (Art. 6 para. 1 lit. c GDPR).
Order Without Registration (Guest Order) (Art. 6 para. 1 lit. b GDPR): Required information: first and last name, address, email, and payment details (depending on payment method). Date of birth — only for invoice purchases (fraud/credit check; Art. 6 para. 1 lit. f GDPR). Retention follows commercial and tax law (Art. 6 para. 1 lit. c GDPR).
“Extended Information” Option (Art. 6 para. 1 lit. a GDPR): This community feature is disabled by default. You can selectively share: (i) contact info (email/phone), (ii) messenger IDs, (iii) event participation, (iv) purchase history up to 3 months. Only information you actively enable in your member/partner account becomes visible. Withdrawal of consent is possible at any time in account settings (Art. 7 para. 3 GDPR). Note: We remain the controller responsible for the lawful provision and access control of this feature.
Newsletter (§ 7 UWG in conjunction with Art. 6 para. 1 lit. a GDPR): Sent after Double-Opt-In confirmation. Required field: email. Tracking of openings/clicks only with consent. Unsubscribe via the “unsubscribe” link in the email or by contacting us directly. The legal basis for logging the Double-Opt-In process is Art. 6 para. 1 lit. f GDPR (proof of consent).
Contests / Surveys (Art. 6 para. 1 lit. b GDPR; optional marketing Art. 6 para. 1 lit. a GDPR): Data collected depends on the specific form.
Contact Channels – Overview:
WhatsApp (Business Platform) (Art. 6 para. 1 lit. b/f GDPR): Contact via Click-to-Chat or saved number. Processed data: phone number, account name, sent content (text/image), metadata (timestamp, device info, IP). Message content is end-to-end encrypted; metadata may still be processed by the provider. Cross-border transfers via Meta/WhatsApp are based on DPF/SCC; details: Business Data Transfer Addendum and whatsapp.com/legal/privacy-policy. Use is voluntary; alternatives include phone/email.
Telegram (Art. 6 para. 1 lit. b/f GDPR): Contact via our official account/channel. Processed data: username, phone number (if available), message content, metadata. Cloud chats are not end-to-end encrypted; Secret chats are. Provider: Telegram FZ-LLC (UAE). More info: telegram.org/privacy.
Social Media Presence (Facebook, Instagram, X/Twitter, etc.): When visiting our social media pages, data may be processed for marketing and analytics purposes. Where we jointly determine purposes and means of processing with the platform (e.g., “Page Insights”), we act under joint controllership (Art. 26 para. 1–2 GDPR). Information about joint processing can be found in each platform’s “Page Insights Addendum.”
Further details on retention periods and data recipients are provided in Section 3 of this Privacy Notice.
3. How We Use Information
We process personal data for the purposes listed below, based on the relevant legal grounds of the General Data Protection Regulation (GDPR) and the Telecommunications-Telemedia Data Protection Act (TTDDG):
Recipients / Data Processors (Art. 13 para. 1 lit. e, Art. 28 GDPR): hosting / cloud, IT maintenance, payment, shipping, CRM / support, newsletter, web analytics / tag management, consent management.
Advertising Objection Lists (Robinson List) (Art. 6 para. 1 lit. f GDPR): To ensure that no unwanted advertising is sent, your contact details are shared with authorized service providers solely for comparison against internal suppression lists.
Intra-Group Recipients (Art. 6 para. 1 lit. b/f GDPR): Transfers within the corporate group are made for contract fulfillment as well as for centralized support, IT, compliance, and reporting purposes, in accordance with data protection laws and internal data protection agreements (Intra-Group Agreements pursuant to Art. 46 para. 2 lit. c GDPR).
Data Transfers to Third Countries (Art. 44 et seq. GDPR): Transfers occur only on the basis of an adequacy decision (Art. 45) or appropriate safeguards (Art. 46, especially EU Standard Contractual Clauses). For U.S. recipients certified under the EU–U.S. Data Privacy Framework (DPF), we rely on the adequacy decision of July 10, 2023 (Art. 45); otherwise, transfers follow Art. 46 GDPR.
IMPORTANT – Right to Object (Art. 21 GDPR): You may object to the processing of your data at any time for reasons arising from your particular situation; for direct marketing purposes, you may object at any time without giving reasons. Please send objections to: datenschutz@coral-club.com.
7. Age restrictions.
Our Services may only be purchased by individuals who are at least 18 years old. The Services are not intended for and are not directed to individuals under 18. If you know or have reason to believe that a person under 18 has provided us with their personal data, please contact us.
8. Data protection authority.
We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post the changes in this Privacy Policy and any other places we deem necessary so that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our homepage at least 30 (thirty) days before the changes take effect.
9. Contact us.
If you have any questions or complaints regarding our Privacy Policy, our practices, or our Services, you can contact our Data Protection Department at support.cy@coral-club.com. You can also reach us through one of the following methods:
Phone: +35796200819
We respond to all inquiries and questions within 30 (thirty) days.
10. Additional Information
We use cookies on our websites to collect and store data fragments in small files on your computer's hard drive to ensure the most convenient navigation according to your preferences. Our cookies do not store any personal data. We use them only to identify your computer and collect navigation data (e.g., previous pages viewed on our website, your IP address).
"Cookies" are small text files stored on the user's computer for reporting purposes. This file is used when you access this site to identify the client and ensure a more convenient experience.
Third-party contact addresses
11. The following third-party providers and social media plugins may be permanently or temporarily included on our site:
Google Maps
Operator: Google Maps API is a mapping service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We use the Google Maps API to display an interactive map and create directions or assist in locating one of our retail locations. When using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored on a Google server in the USA.
For more information on privacy and terms of use for Google Maps, visit: https://www.google.com/intl/de_de/help/terms_maps.html
https://policies.google.com/privacy?hl=de
Operator:
Operator:
Operator:
Operator:
Operator:
Operator:
Use the Coral Club app to place orders and manage your personal account straight from your phone.
