Onlineapo.at
Rosen-Apotheke OG - Data protection information

Rosen-Apotheke OG, Längdorfer Straße 2, A-9184 St. Jakob im Rosental is the provider of the online mail-order pharmacy ONLINEAPO.at. ONLINEAPO.at adheres strictly to the General Data Protection Regulation (GDPR) and the Data Protection Act (DSG) when storing and processing your data.

In this data protection information, we inform you about the most important aspects of the processing of your personal data when you visit our website, contact us, have a customer account with us and order products via ONLINEAPO.at. The information also applies if you are a supplier or service provider for us, if you apply to us online or subscribe to our newsletter and in other cases in which we expressly refer to this data protection information.

If you shop in our local pharmacy or use the Rosen-Apotheke website (www.rosenapotheke.at), the Rosenapotheke privacy policy, which you can find at https://www.rosenapotheke.at/dse/, takes precedence.

The responsible body for data processing by ONLINEAPO.at is

  • Rosen-Apotheke OG
  • Licence holder Mag. pharm. Ingeborg Sabernik
  • Company register number: FN 589754 k, Klagenfurt Provincial Court
  • Längdorfer Strasse 2, A-9184 St. Jakob im Rosental
  • Telephone: +43 (0)4253 8278
  • E-mail: rosenapotheke@aon.at

1. Data collection and origin of the data

We collect the data that you make available to us when you use our website. We also collect and process the data that you transmit to us via the contact option that we provide on our website (e.g. also via our contact form).

In addition, we collect personal data where this is necessary or appropriate for the purchase of a product from ONLINEAPO.at or for advice as a pharmacist. This also includes billing. If you have a customer account with us, we collect and process the necessary data.

If you enter into a contact relationship with us, conclude supplier contracts with us or apply for a job with us, we collect and process the personal data you disclose to us.

Personal data that we collect and store in this way may include, in particular

  • IP address and usage data when retrieving website content and, if applicable, cookies (see details in section 7);
  • Name and address, order data, contact data and payment data when purchasing products from our mail-order pharmacy (see details below 3.1);
  • Your health data if you make use of a consultation or service from our mail-order pharmacy (see details below 3.2).
  • Name and contact details as well as the details from the enquiry in the context of processing a contact request
  • Name and contact details as well as data required for the processing of the contractual service in the context of a supplier relationship.
  • E-mail address when registering for the newsletter and dispatch information for the respective newsletters.
  • Name and contact details as well as the content of your application in the case of a job application.

2. Use and disclosure of personal data in general

We use your personal data to enable you to use our website. In addition, your personal data will be processed and transmitted when you use our website if you consent to the use of corresponding services (see section 7 for details).

We generally use your personal data when you purchase products from us at ONLINEAPO.at in order to process and invoice the purchase. We also use your data in the context of a consultation or service requested by you.

If you enter into a contact or supplier relationship with us, we use your data to establish and fulfil or process this relationship and, if applicable, to invoice you.

In addition, we may use data that we have lawfully become aware of for the purpose of advertising by post and also by e-mail (e.g. newsletter) or telephone, provided you have consented to this.

If you apply for a job with us, we will use your data to review and decide on your application.

It may also be necessary for us to pass on your data to external service providers as part of order processing or to third parties, e.g. to fulfil the contract. We will neither sell your personal data to third parties nor market it in any other way.

If you have consented to the use of certain services on our website, e.g. for statistical or marketing purposes (see section 7), data may be transferred to the companies listed in more detail in third countries outside the European Economic Area.

3 Purposes and legal bases of data processing

We process the aforementioned personal data for the following purposes and on the basis of the following legal bases:

3.1 Fulfilment of contractual / pre-contractual obligations (Art. 6 para. 1 lit. b GDPR)

Personal data is processed to the extent necessary for you to use our website.

We process your personal data when you purchase products from us at ONLINEAPO.at or make use of a general consultation or service. We collect the following data for this purpose

  • Name
  • Date of birth
  • your address
  • e-mail address
  • Payment method
  • Shipping method
  • Gender (optional)
  • Different delivery address (if applicable)
  • Interests (voluntary)
  • Additional information about the order (voluntary)
  • Selected goods and the date of purchase

For commercial customers, we also collect

  • Company name
  • Department (voluntary)
  • VAT ID (voluntary)

We also process necessary cookies with the user's IP data for the purpose of processing the purchase process, verifying correct registration and for subsequent contract processing.

Processing is also carried out to process your enquiries and to initiate and process customer and supplier relationships or a comparable contact relationship, as well as for job applications. The following data is stored when you use our contact form

  • Salutation
  • First name
  • Surname
  • e-mail address
  • Telephone number
  • Subject
  • Comment or your message

3.2 Necessity for preventive health care and care (Art. 9 para. 2 lit. h para. 3 GDPR)

If this is necessary for the provision of health care and care by ONLINEAPO.at requested by you (e.g. when purchasing medical products or using health-related services and consultations), we may process further personal data including your health data (Art. 9 para. 1 GDPR) to the necessary and appropriate extent.

3.3 Processing in the context of a balancing of interests (Art. 6 para. 1 lit. f GDPR)

If necessary for our purposes, we process your data beyond the necessary fulfilment of the preliminary contract or contract to protect our legitimate interests or those of third parties, unless your interests in not processing the data outweigh ours:

  • Anonymisation of IP addresses when using our website for statistical purposes, data security and the optimisation of our website.
  • Possible measures for the data security of our website, such as in particular the storage of IP addresses, if the specific threat situation makes this appear appropriate.
  • Justification and fulfilment of contact requests and correspondence within the scope of the purpose.
  • Processing of job applications within the scope of the purpose.
  • Postal advertising, unless you object to this.

3.4 Processing within the scope of your consent (Art. 6 para. 1 lit. a GDPR)

If you give us your consent to the processing of personal data for a specific purpose in accordance with the existing provisions, we will process this data within the scope of the consent. Any consent can be revoked at any time for the future.

Newsletter

You have the option of subscribing to our newsletter via our website with your consent. To do this, we need your e-mail address and your declaration that you agree to receive the newsletter. The cloud-based third-party software Brevo from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, is used to send newsletters. There is an order processing agreement between us and the third-party provider. As soon as you have registered for the newsletter, we will send you a confirmation email with a link to confirm your registration.

The following personal data is stored when you register for the newsletter

  • Email address
  • Surname (optional)
  • First name (optional)
  • Gender (optional)

Your data will be used for the following processing:

  • Storage of the data provided by you in the newsletter system
  • Sending newsletters according to your request
  • Tracking the opening and click rates of the newsletter to optimise performance and information

You can unsubscribe from the newsletter at any time free of charge and revoke the associated consent to data processing. To do so, send us an email to info@onlineapo.at with the subject "Newsletter cancellation". You can also unsubscribe from the newsletter directly on the website https://www.onlineapo.at/Footernavigation/Informationen/Newsletter/ or via an unsubscribe link at the end of each newsletter. We will then immediately delete your data in connection with the newsletter dispatch.

When using our website, you can give your additional consent for further purposes beyond the required scope of use, which can be revoked at any time. This applies in particular to analysis services and advertising and marketing services, provided you have consented to this (for details, see section 7).

3.5 Processing on the basis of legal requirements (Art. 6 para. 1 lit. c GDPR)

We process your personal data insofar as we are subject to a legal obligation, such as the statutory retention obligations or information or monitoring obligations towards state institutions within the framework of the law.

4 Data transfer and disclosure

We will not transfer any personal data to third parties for the purposes of advertising or address trading.

Within our pharmacy, those persons who are entrusted with the processing will have access to your data within the scope of necessity or reasonable expediency. Data may also be passed on to external service providers as part of order processing. We contractually oblige our processors to process your data exclusively within the framework of our instructions for the fulfilment of obligations and within the framework of the applicable laws and regulations.

For the processing of customer orders, we use the provider Sendcloud, a service of Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich.

In addition, payment data is transmitted to processing banks/payment service providers for the purpose of debiting the purchase price and to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

If you wish to pay and exchange your personal data required for a purchase via your Amazon account or Paypal account, we will share the necessary information directly with Amazon or Paypal:

  • Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg
  • PayPal (Europe) S.à.r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg

We also share the data required to offer you Trusted Shops buyer protection. The controller for the website www.trustedshops.at and the Facebook fan page at www.facebook.com/trustedshops is

  • Trusted Shops AG, Subbelrather Straße 15c, 50823 Cologne, Germany
  • Phone: +43 1 311 94 10
  • E-mail: service@trustedshops.at

We also share the necessary data with the shipping service provider Österreichische Post AG in order to dispatch the products you have purchased:

Data may also be transmitted when you use our website (see section 7).

5 Data transfer to a third country

Data will only be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), so-called third countries, if we inform you of this separately.

When using our website, data may be transferred to companies in third countries (see section 7).

6 Duration of data storage

When using the website, we store the IP address and usage data for the duration of the usage process. In addition, the IP address may be stored insofar as this is appropriate for data security and the clarification or prevention of security or data protection breaches, whereby the appropriateness depends on the specific threat situation. In this case, the IP addresses are only stored for as long as is appropriate for the aforementioned purposes, usually only 7 working days and not longer than three months, even in special cases of threat. In the event of a criminal complaint or prosecution or the enforcement of claims against persons who carry out security or data protection violations, the data may be stored and used until the claims have been finally clarified or enforced.

Our records of ONLINEAPO.at business transactions are stored in accordance with the retention period stipulated in Section 132 (1) of the Federal Fiscal Code (currently the past seven financial years). After expiry of this retention period, this data will be deleted.

In the context of a contact relationship, the contact data and communication data are stored and used to the extent and for as long as this is necessary for the respective communication purpose or is appropriate within the scope of reasonableness.

In the context of an application relationship, the contact data and the application data are stored and used to the extent and for as long as this is necessary for the respective application purpose or is appropriate within the scope of reasonableness. If the application is not successful, the data will be deleted within seven months of notification of the rejection, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in legal proceedings.

If you subscribe to our newsletter, your data will be stored and used until you unsubscribe from the newsletter or we cancel the newsletter. Your consent and the information about the previous mailing will remain stored until the limitation period for possible injunctive relief on your part has expired, but we will no longer use the data for the further mailing of newsletters. The details of data processing can be found in the respective newsletter registration.

7 Special processing for website use

The processing of your personal data when you use our website depends on whether you do so with or without logging into your customer account, subscribing to the newsletter or giving your consent for other purposes.

  • When you use our website without logging in and without consent for other purposes, we only collect personal data, including cookies, insofar as this is necessary for the provision of services (Art. 6 para. 1 lit. b GDPR) and/or appropriate (Art. 6 para. 1 lit. f GDPR) (see section 7.1).
  • During and after your registration on our website, we also collect the data that is necessary (Art. 6 para. 1 lit. a and b GDPR) and/or appropriate (Art. 6 para. 1 lit. f GDPR) for the administration and provision of services with regard to the respective registration (see section 7.2). Possible registrations include in particular
    • Customer account registration
    • Registration for newsletter
    • Use of feedback and/or contact form
  • With your revocable consent, you can also give us your consent to use other cookies and technologies to analyse the use of our website and offer you an optimal website experience (analysis) and to display personalised content (advertising). We request this consent via the so-called "cookie banner", which we display when you visit our website. This consent can be given, revoked or changed at any time by accessing the "cookie settings" on the website. For details on this processing in the event of your consent, see section 7.3.
  • An overview of the specific tools and technologies used can be found in section 7.4 and via the "Cookie settings" link on our website.

Your consent applies to the cookie banner and the cookie settings: By clicking on "Accept all cookies", you accept the processing of data, the creation and processing of individual user profiles across websites, partners and devices and the transfer of your data to third-party providers, some of which process your data in countries outside the European Union, including the USA (Art. 49 para. 1 lit. a GDPR). The third-party service providers we use are generally certified under the EU-U.S. Data Privacy Framework.

You can declare your consent for all cookies in general or in detail under "Cookie settings" and/or adapt them to your wishes and/or only allow necessary cookies by means of "Reject". You can revoke and/or change your consent at any time via the "Cookie settings" (see in the footer of each of our pages) with effect for the future.

7.1 Use without consent

Without your further consent, we only collect the personal data that is necessary for the use of the website or that is permitted to a reasonable extent in accordance with Art. 6 para. 1 lit. f GDPR.

If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security and/or whose processing is appropriate (legal basis is Art. 6 para. 1 lit. b and f GDPR)

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page/download, etc.)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Cookies for storing information and/or settings
  • Cookies for anonymised usage analysis.

We collect this data beyond the strict technical necessity for the provision of services (Art. 6 para. 1 lit. b GDPR) within the framework of Art. 6 para. 1 lit. f GDPR because we want to ensure the security and stability of our web application and are also obliged to do so to a reasonable extent in accordance with Art. 32 GDPR ("legitimate interest"). Experience shows that the above-mentioned data is helpful in ensuring security and stability. Stability can only be guaranteed and attacks can only be warded off if the IP address and other data mentioned above are stored depending on disruptions and the threat situation in order to recognise and eliminate or ward off disruptions and attacks. Depending on the threat situation, the storage period is between 7 days and three months; in exceptional cases of very high risk and/or for the further pursuit of claims, the storage period may be longer.

We also use cookies as described above. We need these, for example, to recognise the status of your possible consent even if you do not give your consent and/or do not log in. The cookies that we use accordingly are listed in section 7.2 as necessary or appropriate cookies that we may also use without your consent.

7.2 Use with your further consent

We only collect further personal data for other purposes in accordance with the following description with your respective consent. You can give and/or withdraw this consent by selecting the cookie settings in the cookie banner or under Settings.

  • If you click on "Accept all cookies", we use both cookies for analysing user behaviour and marketing cookies in addition to the necessary cookies. You can make adjustments under Cookie settings.
  • If you click on "Reject", you reject the setting of non-essential cookies. Only necessary cookies will be set.
  • Under "Show cookie settings", you can make detailed adjustments and revoke your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

An overview of the cookies used in the event of your consent (in accordance with Art. 6 para. 1 lit a GDPR and § 165 para. 3 TKG 2021) can also be found below under Section 7.3.

7.3 Overview of the cookies and tools used

An overview of the cookies and other analysis technologies (collectively referred to as "cookies") used by us is provided below, including any information on further setting options:

Cookies

A cookie is a small data package (text file) that your browser stores on your device at the instruction of a website you visit in order to "remember" information about you, such as your language settings or login information. These cookies are set by us and are known as first-party cookies. We also use third-party cookies, which originate from other providers. We may use cookies to support our advertising and marketing efforts. In particular, we use cookies and other tracking technologies for the following purposes:

Strictly necessary cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems. Generally, these cookies are only set in response to actions you take that fulfil a service request, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block these cookies or to notify you about these cookies. It is possible that not all functions of the website will then be available to you. These cookies generally do not store any personal data.

| Cookies | Cookie subgroup | Period of validity | Cookies used |
| OptanonConsent | onlineapo.at | 364 days | First-party provider |
| OptanonAlertBoxClosed | onlineapo.at | 364 days | First-party provider |
| cookie-preference | www.onlineapo.at | 29 days | First-party provider |
| timezone | www.onlineapo.at | 29 days | First-party provider |
| session- | www.onlineapo.at | session | First-party provider |

Functional cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we use on our pages. If you do not allow these cookies, some or all of these services may not function properly.

| Cookies | Cookie subgroup | Period of validity | Cookies used |
| apay-session-set | www.onlineapo.at | 364 days | First-party provider |
| zen-sales-countdown-bar | www.onlineapo.at | 364 days | First-party provider |
| language | www.onlineapo.at | A few seconds | First-party provider |
| zen-notification-bar | www.onlineapo.at | 364 days | First-party provider |
| session-id | amazon.com | 364 days | Third-party provider |
| session-id-time | amazon.com | 364 days | Third-party provider |
| session-id-apay | amazon.com | 364 days | Third-party provider |
| session-token | amazon.com | 364 days | Third-party provider |
| vuid | vimeo.com | 729 days | Third-party provider |
| __cf_bm | vimeo.com | A few seconds | Third-party provider |

Performance cookies

These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions such as which pages are the most popular, which are the least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore cannot be directly attributed to an individual. If you do not allow these cookies, we will not know when you have visited our website.

| Cookies | Cookie subgroup | Period of validity | Cookies used |
| _gid | onlineapo.at | A few seconds | First-party provider |
| _ga | onlineapo.at | 729 days | First-party provider |
| _gclxxxx | onlineapo.at | 89 days | First-party provider |
| _ga_xxxxxxxxxxx | onlineapo.at | 729 days | First-party provider |
| JSESSIONID | nr-data.net | session | Third-party provider |

Cookies for marketing purposes

These cookies may be set through our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant adverts on other websites. They do not directly store personal data, but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

| Cookies | Cookie subgroup | Period of validity | Cookies used |
| _gat_UA-XXXXXX-X | onlineapo.at | A few seconds | First-party provider |
| _fbp | onlineapo.at | 89 days | First-party provider |
| sib_cuid | www.onlineapo.at | 29 days | First-party provider |
|  | www.facebook.com | session | Third-party provider |
| VISITOR_INFO1_LIVE | youtube.com | 179 days | Third-party provider |
| CONSENT | youtube.com | 729 days | Third-party provider |
| YSC | youtube.com | session | Third-party provider |

We provide the following information on the individual purposes and services:

Google Analytics 4

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that enable your use of our website to be analysed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of "events" (e.g. interaction with the website, clicks on links or advertisements, downloads, etc.) and your browser settings are processed. Google will use this information on our behalf to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.

The data may be transmitted to the following recipients

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Google LLC is certified under the EU-US Privacy Framework. We have also concluded the EU standard contractual clauses with Google.

If you do not wish to be tracked by Google Analytics, you can also prevent this by downloading and installing the browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

Google Fonts

This website uses Google Fonts from Google Ireland Limited ("Google") for the uniform display of fonts on this website. Google Fonts is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. By using Google Fonts, information about your use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there.

The data may be transmitted to the following recipient

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

Google LLC is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/list

Google Maps

This website uses Google Maps API, a service of Google Ireland Limited ("Google"), to complete address entries. Google Maps is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States. Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

The data may be transmitted to the following recipients

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

The Google privacy policy & additional terms of use for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html

Google LLC is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/list

Google Ads Conversion Tracking

If you have given your consent, this website uses Google Ads Conversion Tracking, a service provided by Google Ireland Limited ("Google") to measure the success of our Google Ads advertising campaigns. Google Ads Conversion Tracking is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We have activated the anonymisation of IP addresses by default. By using Google Ads Conversion Tracking, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States.

The data may be transmitted to the following recipient

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

The Google Privacy Policy & Additional Terms of Use for Google Ads Conversion Tracking can be found at https://policies.google.com/privacy

Google LLC is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/list

YouTube

This website uses YouTube, a video service provided by YouTube LLC (YouTube), to display videos and clips. YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

By using YouTube, information about your use of this website (including your IP address) may be transmitted to a YouTube or Google server in the USA and stored there. YouTube may transfer the information obtained through videos consumed to third parties if this is required by law or if third parties process this data on behalf of YouTube.

The data may be transmitted to the following recipients

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

The Google privacy policy & additional terms of use for YouTube can be found at https://www.google.de/intl/de/policies/privacy/

Google LLC is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/list

Shopware Analytics

Purpose of processing: Together with our shop software service provider, we analyse certain information about our customer base under joint responsibility (e.g. customer group, pages visited, click paths, date and time of visit, information about the end device used (resolution, resolution density, operating system), referrer URL, information about the browser used, locale, search queries and time zone). This information is processed by an external service provider and forwarded to us in approximate real time so that we can monitor the use of our website and improve our services.
Legal basis: Art. 6 para. 1 letter f GDPR
Data categories: Derived from master and contact data (the customer group, no individual customer data), usage data, connection data
Recipients of the data: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service provider
The essence of joint responsibility: The joint responsibility exists between us and shopware AG; the data is collected in our shop and then transferred to the servers of shopware or its service providers; with the exception of obtaining your consent for the use of cookies or comparable technologies and the fulfilment of these information obligations, all obligations, in particular the implementation of data subject rights, are the responsibility of shopware AG, which you can reach at legal@shopware.com. You can also assert your data subject rights with us; we will then forward your enquiry to shopware AG accordingly. shopware AG can derive behaviour patterns on our store from the data collected, but cannot assign this data to you as a person.
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? Yes, see Consent Management for details.

ClickCease

Our website uses the ClickCease service, a service provided by Cheq AI Technologies Ltd, 40 Yitzhak Sadeh St., Tel Aviv, Israel. ClickCease is used to recognise and prevent click fraud in online advertising, especially in Google Ads campaigns.

For this purpose, technically necessary data is collected and analysed by ClickCease, such as:

  • IP address (anonymised if necessary)
  • Information about the device and browser used
  • Referrer URL
  • Pages visited
  • Mouse movements and click behaviour

The data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, namely to protect our website and advertising budgets from misuse and manipulation.

Legal basis: Art. 6 para. 1 lit. f GDPR - legitimate interest (protection against click fraud)

Data transfer to third countries: ClickCease is a service based in Israel. The European Commission has certified that Israel has an adequate level of data protection in accordance with Art. 45 GDPR. Nevertheless, we have agreed additional protective measures with the provider (including standard contractual clauses) to ensure a high level of data protection.

You can find more information on data processing by ClickCease at: https://www.clickcease.com/privacy.html

Microsoft Clarity

We work with Microsoft Clarity and Microsoft Advertising to track how you use and interact with our website. We use behavioural metrics, heatmaps and session replays to improve and market our products and services. Website usage data is collected using first and third-party cookies and other tracking technologies to analyse the popularity of products/services and online activities. We also use this information to optimise the website, for fraud/security prevention and for advertising purposes. For more information on how Microsoft collects and uses your data, please refer to the Microsoft Privacy Policy.

The data may be transmitted to the following recipients:

  • Microsoft Corporation, One Microsoft Way, Redmond, WA, USA

Meta Pixel

This website uses the "Meta Pixel" from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, DO4 X2K5, Ireland (Meta) for remarketing purposes. This allows users of the website to be shown interest-based adverts (e.g. "Facebook Ads") when visiting social networks of the provider Meta.

By integrating the Meta Pixel, Meta can receive the information that you have accessed a corresponding page of our website or have clicked on an advert from us. If you are registered with a Meta service, Meta can assign the visit to your account. Meta can provide us with reports and analyses in aggregated and anonymised form.

The data may be transmitted to the following recipients:

  • Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA, USA

Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/list

Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.

Integration of the Trusted Shops Trustbadge / other widgets

Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected reviews).

This serves to safeguard our legitimate interests in optimal marketing by enabling secure shopping, which predominate in the balancing of interests, in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible under data protection law in accordance with Art. 26 GDPR. In the context of this data protection notice, we inform you below about the essential contents of the contract in accordance with Art. 26 para. 2 GDPR.

Within the scope of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops in case of data protection questions and to assert your rights using the contact options provided in the data protection information. Irrespective of this, you can always contact the controller of your choice. If necessary, your enquiry will then be forwarded to the other responsible party for answering.

1. Data processing when integrating the Trustbadge/other widgets

The trust badge is provided by a US CDN provider (content delivery network).
An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to your person. The anonymised data is used in particular for statistical purposes and for error analysis.

2. Data processing after order completion

If you have given your consent, the Trustbadge accesses the order information stored in your end device (order total, order number, product purchased if applicable) and your e-mail address after the order has been completed, and your e-mail address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. This serves to check whether you are already registered for Trusted Shops services. If you are registered, further processing will be carried out in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will then be given the opportunity to give your consent to receive rating invitations. Without consent, no order information will be transmitted to Trusted Shops.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel).
An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed here for the USA and here for Israel. Service providers used from the USA are generally certified under the EU-U.S. Data Privacy Framework. Further information can be found here. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

Mable

If you consent to this, we use the Mable.ai service of Mable GmbH (Register Court: AG Mannheim, HRB 744199), based at Bahnhofplatz 12, 76137 Karlsruhe (hereinafter "Mable") on our website. Mable enables us, in the interests of users and in our own interests, to better control our data flows and to decide and manage which data is passed on to third parties. It also enables us to independently analyse this data according to our own criteria. Mable enables us to use programmes from partners without integrating their code into our website. Instead of the direct server connection, the partner receives the aggregated data, if available, from us.

The following website user data is processed for the aforementioned purpose of processing and forwarding: a pseudonymous user ID; visitor behaviour on websites (visitor behaviour includes, among other things, data on where visitors come from, which areas of a website are visited and how often and for how long which subpages and categories are viewed). This data may be added to the information stored in your user account or collected during the order process, regardless of whether the purchase has been completed.

PriceSpider

This website uses the PriceSpider service provided by NeuIntel, LLC (20 Pacifica Suite 1000, Irvine, CA, United States, California). We use a hash value created based on your IP address and other information to track sales of our products and services through our partners. All sales information is aggregated at an anonymised level. The hash value and all sales information will be deleted 7 days after your visit to our website. Insofar as the data is transferred to a third country outside the European Economic Area, this transfer is subject to the standard contractual clauses for processors (controller-to-processor), which we will make available to you on request.

7.4 Social media pages

Facebook and Instagram (Meta Platforms)

We operate the Facebook page of ONLINEAPO.at and the Instagram page rosenapotheke_rosental (social media pages) and are the controller for the processing on these pages. On our social media pages, we process information about your activities, such as likes, posts or comments. We also receive summarised (anonymous) statistics from Meta (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, DO4 X2K5, Ireland), which are created by Meta and logged on the Meta servers when people interact with pages and the content associated with them (e.g. Facebook Page Insights).

When processing personal data on our social media pages as part of Facebook Page Insights, we are joint controllers with Facebook (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, DO4 X2K5, Ireland). This means that Facebook and we jointly determine the purposes and means of this processing.

We receive anonymous statistics from Meta about how people interact with our pages and the content associated with them. We have no influence on how Meta processes your data. The creation of page insights by Meta may be based on the processing of personal data. According to its own information, Meta processes, among other things, information about what content you view or how you interact with this content. The information actually collected by Meta depends on whether and how you use the Meta Products.

Meta assumes all obligations under the GDPR for the processing of Insights data, including the fulfilment of the right of access to data processing and the right to erasure. If you assert your data subject rights regarding Insights data against us, we are contractually obliged to forward all relevant information on such requests to Meta within 7 days.

The data processed when you use our social media pages is generally transferred to a Meta server in the USA and stored there.

The data may be transmitted to the following recipients:

  • Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA, USA

Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/list

Further information on Facebook Page Insights and our joint responsibility for data processing with Facebook can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

Further information on data use by Meta as well as setting and objection options can be found on the Facebook (https://de-de.facebook.com/privacy/policy) and Instagram (https://help.instagram.com/155833707900388) websites.

8 Rights of the data subject

You have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing as well as the right to rectification, restriction of processing, objection to data processing and erasure of this data and the right to data portability at any time. To do so, you can contact us by post or email at info@onlineapo.at.

If processing is based on consent, you have the right to withdraw this consent at any time with effect for the future.

If you believe that the processing of your personal data violates data protection law or your data protection claims have otherwise been violated in any way, you have the right to appeal to the supervisory authority. In Austria, the Data Protection Authority, Barichgasse 40-42, 1030 Vienna, is responsible.

Status: November 2025
