Privacy Policy

I. General information

COALAXY GmbH (hereinafter referred to as “COALAXY”) as the operator of the website www.COALAXY.com takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations as well as on the basis of this privacy policy. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

When you use this website, various personal data are processed depending on the type and scope of use. Personal data is information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly (e.g. by reference to an online identifier). This includes information such as name, address, telephone number and date of birth.

This privacy policy informs you in accordance with Art. 12 et seq. GDPR about how we handle your personal data when you use our website. In particular, it explains what data is collected by us and what we use it for. It also informs you how and for what purpose this is done.

This privacy policy expressly refers to the website-specific data processing processes when visiting our website at www.COALAXY.com. COALAXY also attaches great importance to the protection of personal data beyond the website-specific data processing procedures.

II. Data Controller

The Data Controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.). The Data Controller within the meaning of the GDPR and the applicable national data protection laws (in particular the BDSG) and other data protection regulations is

COALAXY GmbH
Schmiedanger 11, 82266 Inning
Tel.: +49 152 54693908
E-Mail: info@COALAXY.com

III. Purposes and legal bases of data processing

1. Accessing and Visiting our website – server log files

For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time you visit our website and automatically stored in so-called server log files. These are

  • Browser type and browser version
  • Operating system used
  • Website from which access is made (referrer URL)
  • Host name of the accessing computer
  • Date and time of access
  • IP address of the requesting computer

The storage of the aforementioned access data is necessary for technical reasons in order to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. Beyond the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our website purely statistically and without drawing any conclusions about your person. This data is not merged with other data sources, nor is it analysed for marketing purposes.

The access data collected as part of the use of our website is only stored for the period for which this data is required to achieve the aforementioned purposes. Your IP address is stored for IT security purposes on our web server for a maximum of 7 days.

If you visit our website to find out about our range of products and services or to use them, the basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

2. Contact Form

If you send us inquiries via the contact form, your message, including the contact details you provide there, will be stored and processed by us for the purpose of processing and answering the inquiry and in the event of follow-up questions. If you contact us by e-mail or telephone, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We do not pass this data on to third parties unless this is necessary in the context of processing and answering your contact request or you have given us your consent to do so.

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be used for the purpose of processing and responding to your contact request in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, otherwise to safeguard our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the appropriate response to customer/contact inquiries or on the basis of your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage/processing no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

3. External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website, etc. The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit.f GDPR). Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our host. We use the following host: IONOS

4. Use of cookies and associated functions/technologies

We sometimes use so-called cookies on our website. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables your browser to be uniquely identified when you return to the website.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit or browser session (so-called transistent cookies). Other cookies remain stored on your end device for a specified period of time or until you delete them (persistent cookies). These cookies enable us to recognize your browser on your next visit. We are happy to provide further information on the functional cookies used upon written request. Please use the contact details above.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can regularly obtain the procedure for deactivating cookies via the “Help” function of your Internet browser. If cookies are deactivated, the functionality and/or full availability of this website may be restricted. For further cookie-specific setting and deactivation options, please also see the individual explanations below on the specific cookies and associated functions/technologies used when visiting our website.

Some of the cookies we use on our website come from third parties who help us to analyse the impact of our website content and the interests of our visitors, to measure the performance of our website or to place needs-based advertising and other content on our or other websites. As part of our website, we use both first party cookies (only visible from the domain you are currently visiting) and third party cookies (visible across domains and regularly set by third parties).

The cookie-based data processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR (legal basis) or on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (legal basis) to safeguard our legitimate interests. Our legitimate interests are in particular being able to provide you with a technically optimized, user-friendly and needs-based website and to ensure the security of our systems. You can revoke any consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. By making the appropriate settings, you can also object to processing based on legitimate interests.

In detail, cookie-based tools/plugins are used on this website, which are divided into essential and functional services

Essential services: Essential services are required for the basic functionality of the website. They only contain technically necessary services. You cannot object to these services.

  • Real Cookie Banner
    Purpose: Real Cookie Banner asks website visitors to consent to the setting of cookies and the processing of personal data. For this purpose, each website visitor is assigned a UUID (pseudonymous identification of the user), which is valid until the cookie for storing the consent expires. Cookies are used to test whether cookies can be set, to store a reference to the documented consent, to store which services from which service groups the visitor has consented to and, if consent is obtained in accordance with the Transparency & Consent Framework (TCF), to store the consents in TCF partners, purposes, special purposes, functions and special functions. The consent obtained is fully documented as part of the duty of disclosure under the GDPR. In addition to the services and service groups to which the visitor has consented, and if consent is obtained according to the TCF standard, to which TCF partners, purposes and functions the visitor has consented, this includes all settings of the cookie banner at the time of consent as well as the technical circumstances (e.g. size of the viewing area at the time of consent) and the user interactions (e.g. clicks on buttons) that led to consent. Consent is collected once per language.

    Use on the legal basis of: Fulfillment of a legal obligation
    Provider: devowl.io GmbH, Tannet 12, 94539 Grafling, Germany, E-Mail: mail@devowl.io, Telefon: +49 991 20098959 

Funktional services: Functional services are necessary to provide features that go beyond the essential functionality of the website, such as prettier fonts, video playback or interactive Web 2.0 features. Content from video and social media platforms, for example, is blocked by default and can be consented to. If the service is approved, this content is automatically loaded without further manual consent.

  • WordPress Emojis

    Purpose: WordPress Emojis is an emoji set that is loaded from wordpress.org when an old browser is used, which could not display emojis without the integration of the service. This requires the processing of the user’s IP address and metadata. No cookies or cookie-like technologies are set on the user’s client.
    Use on the legal basis of: Consent
    Provider: WordPress.org, 660 4TH St, San Francisco, CA, 94107, USA, E-Mail: dpo@wordpress.org
    Privacy policy: https://de.wordpress.org/about/privacy/

  • Google Fonts

    Purpose: Google Fonts enables the integration of fonts into websites to improve the website without having to install the fonts on your device. This requires the processing of the user’s IP address and metadata. No cookies or cookie-like technologies are set on the user’s client. The data can be used to record the websites visited and can be used to improve Google’s services. It may also be used for profiling, e.g. to offer you personalized services, such as advertising based on your interests or recommendations. Google makes personal data available to its affiliated companies and other trusted companies or persons who process this data for them on the basis of Google’s instructions and in accordance with Google’s privacy policy.
    Use on the legal basis of: Consent
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Phone: +1 650 253 0000, E-Mail: dpo-google@google.com, Kontaktformular: https://support.google.com/
    Privacy policy: https://policies.google.com/privacy?hl=de

5. Further Processing Purposes

Compliance with legal requirements: We also process your personal data in order to comply with other legal obligations that may apply to us in connection with our business activities. These include e.g. retention periods under commercial, trade or tax law. We process your personal data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR (legal basis) to fulfill a legal obligation to which we are subject.

Enforcement of rights: We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary for the prevention or prosecution of criminal offenses. We process your personal data to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses (legitimate interest).

Consent: If you have given us your consent to process personal data for specific purposes (e.g. sending information material and offers), the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future and processing up to that point is not affected.

IV. Recipients of data

Within COALAXY, those departments that need your data to fulfil our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary in accordance with data protection regulations. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own responsibility under data protection law and are also obliged to comply with the requirements of the GDPR and other data protection regulations.

Finally, in individual cases we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.

V. Data transfer to third countries  

When using the above-mentioned tools, e.g. Google, we may transfer your IP address to third countries (see above). The data transfer is based on the implementing decision (EU) 2016/1250 of the EU Commission of July 12, 2016 in accordance with Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations, unless expressly stated otherwise in this privacy policy.

VI. Duration of data storage

We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage (see above on the individual processing purposes). This may also include the periods for the initiation of a contract (pre-contractual legal relationship) and the execution of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is required for the following purposes:

  • Fulfillment of statutory retention obligations, e.g. arising from the German Commercial Code (Sections 238, 257 (4) HGB) and the German Fiscal Code (Section 147 (3), (4) AO). The retention and documentation periods specified there are up to ten years.
  • Preservation of evidence in consideration of the statute of limitations. According to §§ 194 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

VII. Data security

We protect personal data by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect personal data from unauthorized access by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the contact requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is therefore not possible.

VIII. Your rights as a data subject

You are entitled to the following rights as a data subject under the legal requirements:

Right to information: At any time, within the scope of Art. 15 GDPR you are entitled to request our confirmation as to whether we process personal data concerning you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to receive information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate guarantees) and a copy of your data. The restrictions of § 34 BDSG apply.

Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data stored about you if it is inaccurate or incorrect.

 

Right to erasure: You are entitled, under the conditions of Art. 17 GDPR, to demand that we erase personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of personal data is necessary, e.g. to fulfil a legal obligation (e.g. statutory retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of § 35 BDSG apply.

 

Right to restriction of processing: You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.

Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to demand that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

 

Right of withdrawal: You can withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. An informal notification, e.g. by email, is sufficient to declare your revocation.

 

Right to object: You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. We will consider an objection to any direct marketing measures immediately and without weighing up the existing interests again.

 

Information about your right to object in accordance with Art. 21 GDPR

 

You have the right to object at any time to the processing of your data based on Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests) or Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation.

 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

 

Your objection can be made informally and should preferably be addressed to COALAXY GmbH, Schmiedanger 11, 82266 Inning am Ammersee, E-mail: info@COALAXY.com

Right to lodge a complaint with a supervisory authority: Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can lodge a complaint with a supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Other concerns: For further data protection questions and concerns, please contact us. Corresponding inquiries and the exercise of your above rights should, if possible, be sent in writing to our address given above or by e-mail to info@COALAXY.com.

IX. Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you without restriction or answer your inquiries to us. Personal data that we do not necessarily require for the above-mentioned processing purposes is marked accordingly as voluntary information.

X. Automated decision making/Profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

XI. Up-to-dateness and amendment of this privacy policy

  1. This privacy policy is currently valid and has the status as of 30.10.2023
  2. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.