Services

Online Privacy Policy

 

Notice of Data Protection Policy of Coral Energy Products Cyprus Ltd, situated at 178, Athalassas Avenue, IRENE TOWER, 3rd floor, Apt. 301, 2025 Nicosia

Last updated: 30 September 2025

The purpose of Coral Energy Products Cyprus Ltd (“Company”, “Coral”, “we”) is the protection of the personal data we process, in accordance with all applicable laws and regulations, including the General Data Protection Regulation 2016/679 (“GDPR”), the Law on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Law 125(I)/2018, the Regulation of Electronic Communications and Postal Services Law N112(I)/2004, as well as the recommendations of the Office of the Commissioner for Personal Data Protection.

Because our Company takes seriously the protection of the privacy of data subjects (“you”, “your”), we strictly follow this Data Protection Policy, which ensures the high level of services we provide and strictly complies with the applicable legislative framework.

With this notice of Data Protection Policy, we wish to inform you about the manner in which our Company protects the confidentiality of your communications with us, as well as the way it collects, processes, uses, and stores your personal data, and about the options and rights you have with respect to such collection and processing of your personal data. By visiting our Website, you acknowledge and accept the notice of Data Protection Policy herein.

Users should be aware that our Website may contain links to other websites; however, our Company bears no responsibility whatsoever for the practices, data protection terms, or content of such websites.

 

1.SUBJECT MATTER

1.1This Data Protection Policy describes, in general, the terms and conditions observed by our Company for the protection of the privacy of data subjects. This policy includes the rules under which we collect and process your personal data and ensure the confidentiality of such information.

1.2 Our Company reserves the right to modify and revise this Data Protection Policy whenever deemed necessary, with such changes taking effect upon their public appearance on this Website.

1.3 If any of the present terms is deemed invalid, unlawful, or abusive for any reason, the remaining terms shall remain valid and effective to the extent that they are not contrary to the intent expressed in this policy.

 

2.PRINCIPLES OF PROCESSING

We fully respect your fundamental rights and make the protection of your privacy a priority of our Company. In this context, when processing your personal data, we apply the following key principles:

2.1 We process your personal data lawfully and fairly, maintaining full transparency regarding the way in which we handle your personal data.

2.2 We collect and process your data only for specified, explicit, and legitimate purposes, as set out in this policy, and we do not process them further in a manner incompatible with those purposes.

2.3 We process your personal data only to the extent that it is adequate, relevant, and limited to what is necessary in relation to the purposes for which they were collected.

2.4 We make reasonable efforts, with your cooperation, to ensure that the data under processing are accurate and, where necessary, kept up to date, taking all reasonable steps for their immediate deletion or rectification in the event of inaccuracies.

2.5 We keep your personal data in a form that permits your identification only for as long as required for the processing purposes.

2.6 We process your personal data in a manner that ensures their security by using appropriate technical and organizational measures.

2.7 We do not intend to process your personal data for purposes other than those for which they were collected.

2.8 You are not obliged to provide your personal data, and there are no consequences from not providing them. Subject to this Policy, we do not disclose or transmit your personal data to third parties without your consent, unless permitted by law or the legal basis upon which the collection and processing are based, or under an agreement between us.

2.9 We do not transfer your personal data to third countries or international organizations where there is no adequacy decision by the European Commission under the GDPR.

2.10 We fully comply with the applicable legislation and all obligations deriving from it, as the legally designated controller of your personal data.

 

  1. TYPES OF DATA

3.1 The categories of personal data that we collect from you and process depend mainly and amongst others, on the services you choose to receive from us or on the agreements concluded between us. Therefore, while browsing our Website or when submitting suggestions, complaints, proposals via the contact form or when completing the Shell GO+ loyalty program contact form or when applying for Coral Pass Card and Coral Pass Prepaid Card or when entering into an agreement with us you provide us with, at least, the following personal data:

3.1.1 While browsing our Website:

  • IP address.
  • Website navigation data.
  • Information on product and service preferences.
  • User-generated content.

3.1.2 When submitting suggestions, complaints, proposals via the contact form:

  • Full name.
  • Email.
  • Telephone.

3.1.3 When completing the Shell GO+ loyalty program contact form:

  • Full name.
  • Card number (if applicable).
  • Email.
  • Telephone.

3.1.4 When applying for Coral Pass Card and Coral Pass Prepaid Card:

  • Full name.
  • ID card number.
  • Email.
  • Telephone.

3.1.5 When entering into an agreement with us:

  • Full name.
  • Email.
  • Telephone.
  • Address.
  • ID card number.

3.1.5.1 For heating oil supply agreements:

  • Full name.
  • Address.
  • Zip code.
  • Email.
  • Telephone.
  • Preferred payment method.
  • Shell GO+ card details.
  • Discount gift card details.

3.1.5.2. For vehicle-related agreements:

  • Vehicle type.
  • City.
  • Delivery address.
  • Payment method.
  • Full name.
  • Email.
  • Telephone.

3.2 If you communicate with us by email, phone, or other means, we collect and process personal data relevant to such communications, as per the guidelines set out in this policy, in order to meet requests and improve our services.

3.3 Our Company does not generally collect or have access to special categories of personal data (“sensitive” data) or data relating to criminal convictions and offences. You should refrain from posting or disclosing such data concerning yourself or third parties. Any unnecessary disclosure of such data will be deleted immediately. The Company bears no liability for the posting or processing of sensitive data due to your acts or omissions in breach of this obligation.

 

  1. PURPOSES AND LEGAL BASIS OF PROCESSING

4.1 The personal data necessary for browsing and using our Website (Art. 6(1)(b) GDPR) are processed for:

  • Technical capability for the smooth operation of our Website.
  • Friendly and user-friendly operation of our site.
  • Improve your online experience while navigating and using our site.

4.2 Personal data necessary for the provision of our services within our contractual relationship is collected and processed by our Company pursuant to article 6 § 1 (b) of the GDPR for the following purposes:

  • Performance of our contractual obligations.
  • Immediate, adequate and efficient provision of our services.
  • Communicating with our clients in the framework of the execution of our services and for the resolution of any complaints.
  • Improvement, management and review of our products and services to meet the needs of our clients as much as possible.
  • Administration, organization and function of our business.
  • Management of our clientele.
  • Extrajudicial or judicial use for the protection of our lawful rights and interests.
  • Legal/statutory obligations.

4.3 Our Company collects and processes your personal data solely for the purposes mentioned above and only to the extent that is strictly necessary to effectively serve them. Data collected are relevant, appropriate and no more than what is required in view of the above purposes, whereas we strive to keep them accurate and up to date. Furthermore, your data are retained only for the period required to achieve the purposes, for which they are collected and processed, and are afterwards deleted.

  1. CONSENT

5.1 Processing based on your consent may occur for:

  • For the purposes of commercial communication, marketing and advertising of our services or third-party services via SMS, telephone, e-mail, internet, fax, mail, social media and / or any other appropriate communication channels.
  • For personified market research and / or analysis purposes to better understand your needs, preferences, interests, experiences and / or habits as a consumer.
  • Operation and management of the Shell GO+ loyalty program.
  • Operation and management of the Coral Pass Card and Coral Pass Prepaid Card programs.

5.2 You give us your consent to the processing of your personal data for the above purposes in a manner clearly distinguishable from other consents or notice and in an intelligible and easily accessible form using clear and plain language. Your consent is freely given and your personal data is given without such a provision being a legal or contractual obligation or a requirement on behalf of our Company for the performance of a contract between us.

5.3 You have the right to withdraw your consent at any time. Withdrawal of your consent does not automatically mean that our Company cannot continue with processing of your personal data if any other legal basis allows such process for the purpose the data were collected. Withdrawal of your consent does not affect the lawfulness of the treatment of your data prior to its revocation. Your consent is also revoked in the same manner as provided.

  1. THIRD-PARTY RECIPIENTS

6.1 For the better process of your data as described herein this policy, our Company may share your data with the following processors for and on behalf of our Company:

  • Other companies of the group of companies our Company is member of.
  • Our internet and data hosting providers for hosting purposes.
  • Our information technology maintenance and support providers for the smooth operation of Website and our information and communication systems.
  • Third-party consultants to provide data analysis services.
  • Legal Advisors.
  • Insurance companies.
  • Third parties for the implementation of contractual obligations between us.

6.2 The processing of your personal data by our data processors mentioned above is executed under our control and orders and is subject to the same data protection policy or to a policy of at least the same level of protection.

6.3. In the event that we are required by a court or other administrative authority and in any other case that we are legally bound to do so, our Company may transfer your personal data to public authorities to the extent specified by law prior to you being informed.

  1. CONFIDENTIALITY AND SECURITY

7.1 In order to ensure the proper use and integrity of your personal data and to prevent their unauthorized or accidental access, processing, deletion, alteration or other use, our Company applies appropriate internal policies and takes all appropriate organizational, technical, physical, logical and procedural security measures, as well as technical standards, in accordance with applicable laws and regulations.

7.2 The processing of your data by our Company is conducted in a manner that ensures their confidentiality and physical and logical security, taking into account the latest developments, implementation costs and the nature, scope, context and purposes of the processing, as well as the risks for your rights and freedoms.

7.3 Your personal data is processed solely by authorized personnel of our Company, bound by strict obligations of confidentiality.

  1. DATA RETENTION PERIOD

8.1 We keep your personal data for as long as it is necessary each time for the relevant purposes of their processing.
8.2 Our Company may retain your personal data after the expiration of their relevant processing purposes in the following limited cases:

  • In case that there is a legal obligation under a relevant statutory provision.
  • For reasons of tax and social security or audit reasons within the statutory limitation period.
  • For research or statistical purposes for the proper organization and operation of our business provided that anonymity of your data takes place.
  • In case of any claims against our Company, for as long as necessary to defend our rights and legitimate interests before any competent court and any other public authority.

8.3 After the period of retention, your personal data is erased from our databases and systems in accordance with our data protection policies and provided that their retention is no longer required for the fulfillment of the purposes we have described above.

  1. RIGHTS OF DATA SUBJECTS

9.1. In accordance with data protection legislation, you have the following rights:

  • Right to be informed, namely the right to be informed about how we process your data.
  • Right of access, namely the right to access your personal data and request a copy of the data we hold and process about you.
  • Right to rectification, namely the right to request us to update or correct any inaccurate or incomplete personal (“right to rectification”).
  • Right to withdraw your consent. The withdrawal shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
  • Right to erasure, namely the right to have your data deleted where there is no longer a lawful reason for us to continue processing them.
  • Right to restriction, namely the right to restrict the processing of the data, if for example the data are not accurate.
  • Right to data portability, namely the right to receive your personal data in a structured, commonly used and machine-readable format, and have your personal data transferred to another data controller.
  • Right to object, namely the right to object to the processing of your personal data, especially in situations where we rely on our legitimate interests
  • Right not to be subject to automated decision-making and profiling of personal data which may significantly affect your rights.

These above mentioned rights are not absolute; they are subject to exceptions and apply only under certain circumstances depending on the legal basis on which we rely in each case.

9.2 Our Company will respond to any of your requests within one month from their receipt. Upon prior notice, this period may be extended by a further two months if necessary, taking into account the complexity of the request and the number of any other pending requests. In case of rejection of your request, we will provide relevant justification.

9.3 If your request does not meet the requirements of applicable law, our Company reserves the right either to: (a) impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the requested action, or (b) reject your request.

9.4 In the event of any violation of your personal data, which may place your rights and freedoms at a high risk, and provided that it does not fall under one of the exceptions expressly provided for by applicable law, we undertake to inform you without undue delay.

9.5 If there are any doubts as to the identity of the individual submitting the request, we reserve the right to request the provision of additional information necessary to confirm his / her identity.

 

  1. YOUR OBLIGATIONS

10.1 By using our Website and by providing your personal data upon your consent, you acknowledge that you are required to state your actual, accurate and complete information requested by our Company. Furthermore, you must inform our Company of any changes to your information so as to ensure it is kept up-to-date and accurate.


10.2 You acknowledge that our Company may delete, cross-check, supplement or modify the information you provide based on information lawfully provided by third parties. In this case, our Company will provide you with relevant notice in compliance with applicable law.


10.3 By using our Website you confirm that you are over sixteen (16) years old. If you are under the age of sixteen (16) you have the obligation to abstain from any use of our Website and from any transfer of your personal data without the consent of the person who exercises your parental responsibility. If you fail to comply with the foregoing obligations, you must immediately notify our Company. In any case, using the Site, you acknowledge that our Company is not responsible for your violation of the obligations mentioned above to the extent that it is unable, even if it makes reasonable efforts, to verify your age or to receive consent from your guardian.

 

  1. COOKIES

11.1 Our Website uses cookies. For more information, please refer to our dedicated Cookies Policy.

 

  1. CONTACT

12.1 For any further information, clarification, or request regarding this Data Protection Policy, you may contact our Data Protection Officer:

  • Postal Address: Irodou Attikou 12A, Marousi, Athens, Greece, Zip Code 151 24
  • Email: [email protected]