Privacy Policy

Last updated 18 July 2023.


Here are some important definitions to help you navigate this policy:

App” means Coral’s mobile app “Coral: Student Campus Platform”, available on both App Store and Google Play Store.

“Website” means Coral’s official website:

“Platform” is the collective name of the App and the Website.

Material” includes information, data, text, editorial content, design elements, look and feel, formatting, graphics, images, photographs, videos, music, sounds, and other content and materials.

“Community Organizer” means an individual or legal entity that manages a community on Coral and, accordingly, manages the memberships of the members of that community.

“Event Organizer” means any individual or legal entity that manages an event on Coral.

“Organizer” is the collective name of Community Organizer and Event Organizer.

“User” means an individual or legal entity who accesses or uses Coral’s Services.

Organizers, Users, and third parties accessing or using our Services are all referred to in these Terms collectively as "Users," "you," or "your." If you will be using the Services on behalf of a legal entity, "you" and "your" will refer to that entity as well as yourself.

When these Terms use "Coral," "we," "us," or "our," that refers to Coral AB (Reg No: 559426-7865) and its subsidiaries, and each of its and their respective officers, directors, agents, partners, and employees.

1. Who we are

Coral AB is a Swedish limited liability company with its principal place of business at Torbjörn klockares gata 18A, Stockholm, 113 30, Sweden. Reg No: 559426-7865.

2. Personal data that we collect and process

2.1 We collect and process primarily personal data from the following parties:

  1. Personal data for Users and contact persons at partners, schools, and universities, and other stakeholders that we communicate with when performing or marketing our services.
  2. Personal data for potential Users and contact persons at partners, schools and universities, and other stakeholders whom we wish to communicate with to inform about our services.
  3. Personal data for volunteers, job applicants, or persons who have otherwise shown an interest in contributing to our services.

2.2 Types of data we collect

We normally collect first name, last name, and email address from all the above-mentioned parties in 2.1. We may also collect additional types of personal data from these parties when doing so has a legitimate purpose which is mentioned in section 3.

From Users, some examples of additional data we may collect include:

  1. Material you provide when you use our Services, including when you sign up for an account, create or share content, and message or communicate with other Users. This can include information in or about the Material you provide (like metadata), such as the date a file was created.
  2. Information about how you use our services, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency, and duration of your activities.
  3. Information about the devices you use to access and interact with our Platform, such as:
    1. Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
    2. Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).
    3. Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
    4. Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location, camera, or photos.
    5. Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, and connection speed.
  4. Cookie data: data from cookies stored on your device, including cookie IDs and settings. Learn more about how we use cookies in our Cookie Policy.
  5. Information about financial transactions made on our Services, such as product purchased, time of purchase, your credit or debit card number and other card information; other account and authentication information; and billing, shipping, and contact details.

3. Use of Personal Data

We process personal data provided to or obtained by us in connection with our services so that we can fulfill our commitments, handle the administration in connection with our services, and fulfill our legal obligations. Personal data may also be processed for User analyses, business and method development, marketing, market analyses, statistics, and recruitment.

The basis for our processing of personal data is that we shall be able to:

  1. fulfill our commitments with you;
  2. fulfill a legal obligation which we are subject to; or
  3. fulfill a legitimate interest where we consider that the legitimate interest outweighs any opposing interests or fundamental rights and freedoms (balancing of interests).

When we process personal data to analyze and develop our business, and for marketing communication, the processing is based on our legitimate interest in improving and marketing our business.

4. Who has access to the personal data?

4.1 We will not disclose personal data to anyone outside Coral, except where:

  1. it has been agreed between us and the person whose personal data we process;
  2. it is necessary within the scope of a given engagement to safeguard our Users’ and partners’ rights and interests;
  3. it is necessary so we can fulfill a statutory obligation, comply with a decision of a public authority, or a court of law;
  4. we engage an external service provider who only processes personal data in accordance with our instructions; or
  5. it is otherwise permitted by law.

4.2 Regarding external service providers

No personal data Coral collects will be shared with an external service, provider unless doing so has a legitimate purpose which is mentioned in section 3.

4.3 Personal data managed by other Users

Other Users and Organizers may ask to collect personal data from you. Some personal data may also be collected automatically by the Organizer when you join a community or sign up for an event. In those cases, such Users and Organizers are bound to comply with our Terms of Service.

When you provide another User or Organizer with information or personal data, Coral acts like a personal data processor. The Organizer or User you provided your data to is the personal data controller, which means that they are the one who has the responsibility for the treatment of your data according to all applicable laws, rules, and regulations. Coral is not responsible for the data you share with other Users, and we will not be held liable for any material or immaterial damages caused by said Users who misuse your data.

5. Storage of personal data

5.1 Duration of storage

We store data until it is no longer necessary to provide our services, or until your account is terminated – whichever comes first – unless otherwise required or permitted by law. This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.

5.2 Place of storage

All personal data Coral collects about individuals is stored on servers in the European Economic Area (EEA).

The only exception is payment information that our payment processor Stripe collects in order to process your payments. Such payment information may be stored on servers elsewhere. To learn what data Stripe collects and processes, see Stripe’s Privacy Policy and Data Processing Agreement.

6. Your rights

You are entitled to know what personal data we process about you. You also have the right to request that we correct or erase incorrect or incomplete personal data. You are entitled to object to specific processing of personal data and request that the processing of personal data is restricted. You also have the right to receive, in a machine-readable format, personal data you have provided, and have the data transferred to another party responsible for data processing.

Restriction or erasure of personal data could entail that we are unable to meet our commitments.

If you are dissatisfied with how we process your personal data you may contact or report this to the Swedish Authority for Privacy Protection (Sw. “Integritetsskyddsmyndigheten”), which is the supervisory authority for our processing of personal data.

7. Contact

You are welcome to contact us at regarding any matters concerning our collection and processing of personal data.