Answering your questions directly…
- imagine you private key like being your “password” - for every Crypto Currency address you will have a private key generated. When you send your BTC from Coinbase to Ledger, you send only your currency (public key), not your private key.
What most people claim (and it’s true) is that Coinbase knows your private key (imagine that they take care of your password, so in case you lose it, they can recover for you). That means your BTC can be accessed by them, and once they have your private key, they can do whatever they wish with it… also…they know your passport info and your Proof of address. So, you will never be fully anonymous at coinbase.
- coinbase keeps a copy of your private key, YES. That’s a huge vulnerability you have by having an account with them.
Ledger Nano S, can probably help you to recover the private keys that you generated for your device. But it is your responsibility to keep them safe and stored in a secure place. That doesn’t mean they have access to your cryptocurrencies… YOU are the only one that can unlock the device with the keys that were generated in your gadget.
Remember, an exchange can be target of a hack attack, your Ledger Nano S is less likely to be directly attacked.
PS: some merchants prefer NOT to receive coins from a Coinbase addresss.