I. Name and Address of the Controller

The Controller within the meaning of the General Data Protection Regulation and other national data protection acts of the member states as well as miscellaneous regulations for the purpose of data protection is:

COALSTER GmbH
Ottostraße 1
63741 Aschaffenburg
Germany

represented by their CEO Stefan Oehrlein
Phone: +49 (0) 6021 1 50 86-0
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: https://coalster.eu

II. General Information on Data Processing

1. Scope of Processing of Personal Data

As a principle, we process the personal data of our users only to the extent necessary for providing a functioning website and making our contents and services available. The personal data of users is always processed only after the user has given his or her consent. An exception applies in such cases where it is impossible to previously obtain such consent for factual reasons and where the processing of data is permitted by statutory regulations. Apart from that, the principles result from following specifications.

2. Legal Basis for the Processing of Personal Data

If we have obtained the data subject’s consent to the processing of his or her personal data, the legal basis is art. 6(1)(a) of the EU General Data Protection Regulation (GDPR).

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, legal basis is art. 6(1)(b) of the GDPR. This also applies to processing operations which are necessary to take steps prior to entering into a contract.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, legal basis is art. 6(1)(c) of the GDPR.

If the processing is necessary to protect the legitimate interests of our company or a third party, except where such interests are overridden by the interests, fundamental rights and freedoms of the data subject, legal basis for the processing is art. 6(1)(f) of the GDPR.

3. Erasure of Data and Storage Time

Personal data of the data subject is erased or the processing of such personal data is restricted as soon as the purpose for storage is no longer applicable. In addition, data may be stored if this is required by European or national legislature in statutory orders, laws or other regulations under Union law to which the Controller is subject. Also, processing is restricted or data is erased when the mandatory storage period specified by the mentioned standards expires unless longer storage of the data is required for concluding or fulfilling a contract.

III. Transfer to Third Parties

As a basic principle, we won’t transfer your personal data to third parties. Moreover, we ensure by taking appropriate provisions and conducting regular controls that the data we collected cannot be viewed or grabbed from outside by third parties.

IV. Providing the Website and Creating Logfiles

1. Description and Scope of Data Processing

Whenever our web page is visited, our website provider automatically collects data and information from the computer system of the data processor from which our website is viewed.

The following data is collected:

  1. Information on the browser type and the version used
  2. The user’s operating system
  3. The user’s Internet service provider
  4. The user’s IP address
  5. Date and time of visiting
  6. Websites from which the system of the user got to our web pages
  7. Websites which are accessed by the user’s system via our website.

This data is also stored in the logfiles of our website provider. This data is not stored together with other personal data of the user.

2. Legal Basis for Data Processing

Legal basis for temporary storage of the data and the logfiles is art. 6(1)(f) of the GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system of our website provider is necessary to ensure that the website is delivered to the computer of the user. For this purpose, the user’s IP address has to be stored for the duration of the session.

The data is stored in logfiles to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this process.

Our legitimate interest in the processing of data is also based on these purposes as per art. 6(1)(f) of the GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer required for the intended purpose of its collection. When collecting data in order to provide the website, this will be the case when the corresponding session ends.

In the case of storing data in logfiles, the data is deleted after seven days at the latest. Storage in addition to this is possible. In such cases, the IP addresses of the users are deleted or distorted so that it is no longer possible to match them to the viewing clients.

5. Options of Objection and Elimination

It is absolutely necessary for the operation of the web pages to collect data for providing the website and to store data in logfiles. Therefore, the user does not have the option to object.

V. Newsletter

1. Description and Scope of Data Processing

On our website, you have the option to subscribe to a free newsletter. The data entered in the input mask when subscribing to the newsletter is transmitted to us.

In addition to that, the following data is collected upon subscription:

  1. IP address of the computer from which our website is viewed
  2. Date and time of registration

As part of the subscription process, your consent to process the data is obtained with reference to this Data Privacy Statement.

When you purchase services on our website and post your e-mail address for this purpose, we may subsequently use this e-mail address to send you our newsletter. In such a case, the newsletter is used exclusively to send direct advertising for our own similar products or services.

The data is not disclosed to third parties in the course of data processing for the purpose of sending newsletters. The data is exclusively used for sending the newsletter.

2. Legal Basis for Data Processing

If the user has given his or her consent, legal basis for the processing of data after the user has subscribed to the newsletter is art. 6(1)(a) of the GDPR.

Legal basis for sending the newsletter due to the sale of goods or services is § 7(3) of the German Law against Unfair Competition (UWG).

3. Purpose of Data Processing

Collecting the user’s e-mail address serves the purpose of delivering the newsletter.

The collection of other personal data in the course of the registration process is important to prevent misuse of the services or the indicated e-mail address.

4. Duration of Storage

The data will be deleted as soon as it is no longer required for the intended purpose of its collection. Thus, the user’s e-mail address is only stored as long as the subscription to the newsletter is active.

Normally, all other personal data collected in the course of the registration process is deleted after a period of seven days.

5. Option of Objection and Elimination

The data subject may unsubscribe from the newsletter at any time. For this purpose, every newsletter contains an appropriate link.

VI. Contact Form and E-Mail Contact

It is possible to make contact through the provided e-mail address. In this case, the personal data which the user transmits in the e-mail is stored.
Data will not be transferred to third parties in this connection. The data is exclusively used for handling the conversation.

2. Legal Basis for Data Processing

If the user has given his or her consent, legal basis for the processing of data is art. 6(1)(a) of the GDPR.

Legal basis for the processing of data which was transmitted when sending an e-mail is art. 6(1)(f) of the GDPR. If the e-mail contact aims at concluding a contract, the additional legal basis for processing is art. 6(1)(b) of the GDPR.

3. Purpose of Data Processing

In case of making contact by e-mail, the handling of the contacting procedure is also the necessary legitimate interest in processing the data.

4. Duration of Storage

The data will be deleted as soon as it is no longer required for the intended purpose of its collection. For personal data which was sent by e-mail, this is the case when the particular conversation with the user is finished. The conversation is finished when it can be gathered from the circumstances that the relevant issue has been resolved conclusively.

5. Option of Objection and Elimination

The user may choose to revoke his or her consent to the processing of personal data at any time. If you want to do so, please send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it..

If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, it is impossible to continue the conversation.

All personal data which was stored in the course of making contact will be deleted in this case.

VII. Google Analytics

1. Description and Scope of Data Processing

This website uses Google Analytics, the web analytics tool provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; in the following „Google“). Google Analytics uses so-called “cookies”, i.e. text suggestion files which are stored on your computer and permit an analysis of your use of the website. Information created by the cookie about your use of this website is normally transferred to and stored on a server operated by Google which is located in the USA.

Data which is generated by Google Analytics include::

  1. Type of browser plus its version
  2. The operating system used
  3. Duration of the visit to our page
  4. The website visited before
  5. Your IP address
  6. Date and time

In addition, we adapted Google Analytics to the applicable legal regulations on data protection. If you have anonymized your IP address, it will normally be shortened before leaving the European Economic Area. Only in exceptional cases will Google transfer the complete IP address to one of their servers in the USA to shorten it there. Google will not combine the IP address transmitted by your browser for the purpose of Google Analytics with any other data.

2. Legal Basis for Data Processing

Legal basis for temporary storage of data is art. 6(1)(f) of the GDPR.

3. Purpose of Data Processing

By creating reports, this service enables us to comprehend the use of our website allowing us to adapt our services to the demands of the users.

4. Duration of Storage

The data will be deleted as soon as it is no longer required for the intended purpose of its collection, at the latest, however, after 90 days.

5. Option of Objection and Elimination

Users of this website who do not want their data to be gathered by Google Analytics may install the browser add-on for the deactivation of Google Analytics. This add-on instructs the JavaScript of Google Analytics (ga.js, analytics.js and dc.js), which is executed on websites, to disallow sending information to Google Analytics.

If you want to disable Google Analytics, please call up the web page https://tools.google.com/dlpage/gaoptout?hl=de and install the appropriate add-on for deactivating Google Analytics on your browser. You will find detailed information on installing and uninstalling the add-on in the corresponding help menu of your browser.

The browser add-on for deactivating Google Analytics does not prevent the sending of data to the website or to other web analytics services.

For more information on the terms of use and data protection please go to http://www.google.com/analytics/terms/de.html and/or to https://support.google.com/analytics/answer/6004245?hl=de

VIII. Google-Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google Tag Manager allows us to manage website tags via an interface. The Google Tag Manager tool, which implements the tags, is a cookieless domain and does not record any personal data itself. Google Tag Manager triggers other tags, which in turn may record data. Google Tag Manager does not access this data. If deactivation has occurred at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.

Google has subjected itself to and is certified under the Privacy Shield agreement concluded between the European Union and the US. Google is thus committed to complying with European data protection standards and regulations. More information is available on the following website: [https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active]

Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. For further information about data protection, please refer to the following Google websites:

  • Privacy policy: [http://www.google.de/intl/de/policies/privacy]
  • Google Tag Manager FAQs: [https://www.google.com/intl/de/tagmanager/faq.html]
  • Google Tag Manager Terms of Service: [https://www.google.com/intl/de/tagmanager/usepolicy.html]

IX. MaTelSo telephone tracking

Our website users telephone numbers provided by matelso GmbH, Heilbronner Str. 150, 70191 Stuttgart, Germany.

These are telephone call tracking numbers which are used to analyse and evaluate user behaviour. In particular, we use these numbers to analyse how our advertising measures reach customers.

If you call us on a number provided by matelso, then information about the call will be stored. matelso will process the information and store it on servers in the EU.

The integration of these telephone numbers into our website is performed using JavaScript. This script also places cookies to control the display of phone numbers based on the referrer provided by the browser.

When using telephone tracking numbers from matelso, we process the following data in particular, including personal data:

  • Caller ID 
  • content of the data of the telecommunications services,
  • cookie IDs.

The purpose of our processing of personal data is to use the data collected to analyse and evaluate surfing habits as well as the success of our advertising channels with regard to our users, in turn enabling us to track the success and reach of our advertising campaigns.

The legal basis for the processing of personal data described here is Art. 6(1)(f) GDPR. The legitimate interest we require in this respect lies in the great benefit the functions described above have on our service. Specifically, statistically evaluating user behaviour and assigning telephone numbers to our advertising channels allows us to respond and optimise our service in line with user interests.

Right to object

You have the right to object. You can adjust your cookie settings (e.g. delete, block cookies, etc.). For further information on this, please refer to “Cookies”.

The information processed will only be stored for as long as this is necessary for the respective purpose or prescribed by law.

The provision of personal data is neither legally nor contractually required, nor is it essential for concluding a contract. You are also not obliged to provide us with your personal data. However, if you do not provide your personal data, this may mean that you are unable to use some or all of the features of our website.

X. Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you are entitled to the following rights with regard to the Controller:

1. Right of Access

You may request a confirmation from the Controller stating if your relevant personal data is processed by us.

If such processing takes place, you may request to be informed by the Controller about the following details:

  1. the purposes for which the personal data is processed;
  2. the categories of the processed personal data;
  3. the recipients or categories of recipients to whom or to which your relevant personal data has been disclosed or will be disclosed;
  4. the planned storage time of your relevant personal data or, if it is not possible to give a definite date, criteria for determining the storage time;
  5. the existence of a right of rectification or erasure of your relevant personal data, a right of restriction of the processing by the Controller or a right of objection to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. all available information about the origin of the data if the personal data is not collected from the data subject;

IYou have the right to request information if your relevant personal data is transferred to a third country or an international organization. In this context, you may request to be informed about the suitable safeguards referred to in Art. 46 of the GDPR in connection with the transfer.

2. Right to Rectification

You have the right to obtain from the Controller the rectification of inaccurate personal data and to have incomplete personal data completed. The controller has to make such a rectification without undue delay.

3. Right to Restriction of Processing

You have the right to obtain restriction of processing of your relevant personal data where one of the following applies:

  1. if you contest the accuracy of your relevant personal data for a period enabling us to verify the accuracy of the personal data in question;
  2. if the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead;
  3. if the Controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defense of legal claims; or
  4. if you have objected to the processing pursuant to Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the Controller override yours.

Where the processing of your relevant personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the processing has been restricted pursuant to the above conditions, the Controller will inform you before such a restriction of processing will be reversed.

4. Right to Erasure
a) Obligation of Erasure

You have the right to obtain from the Controller the erasure of your relevant personal data without undue delay, and the Controller has the obligation to erase this data without undue delay where one of the following grounds applies:

  1. Your relevant personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  4. Your relevant personal data has been unlawfully processed.
  5. Your relevant personal data has to be erased for compliance with a legal obligation arising from Union or Member State law to which the Controller is subject.
  6. Your relevant personal data has been collected in relation to services offered by the information society according to Article 8(1) of the GDPR.
b) Information to Third Parties

Where the Controller has made your relevant personal data public and is obliged, pursuant to Article 17(1) of the GDPR, to erase your personal data, taking account of available technology and the cost of implementation, the Controller will take reasonable steps, including technical measures, to inform controllers responsible for the processing of the personal data that you as data subject have requested the erasure by such controllers of any links to or copies or replications of that personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defense of legal claims.
5. Right to Information

If you have exercised your right to rectification, erasure or restriction of processing with regard to the Controller, the Controller is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to obtain from the Controller information about those recipients.

6. Right to Data Portability

You have the right to receive the relevant personal data you provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance by the Controller to whom the personal data was provided, where:

  1. the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR; and
  2. the processing is carried out using automated means.

In exercising this right, you also have the right to have your relevant personal data transmitted directly from the Controller to another controller, where technically feasible. This transmission must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right of Objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your relevant personal data which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

Following an objection, the Controller will no longer process your relevant personal data unless the Controller can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or which serve the establishment, exercise or defense of legal claims.

Where your relevant personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your relevant personal data for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to the processing of your personal data for the purposes of direct marketing, your personal data will not be processed for such purposes anymore.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means for which technical specifications are applied.

8. Right to Withdraw the Declaration of Consent for Purposes of Data Protection

You have the right to withdraw your declaration of consent for purposes of data protection at any time. The lawfulness of the data processing carried out based on your consent up to the revocation remains unaffected by your revocation.

9. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority relevant for our company:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, DE-91522 Ansbach or with any other supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you think that the processing of your relevant personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

IX. Relevance and Alteration of the Data Privacy Statement

We as Controller reserve the right to alter the Data Privacy Statement at any time with regard to the applicable data protection legislation. Current state is May 2018.