Privacy

Privacy policy

1.1 In the following we inform you about the collection of personal data. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

1.2 The responsible parties pursuant to Article 4 (7) of the EU General Data Protection Regulation (DS-GVO) are Rosen Apotheke, Nadja Wehner e.K., Happinger Straße 77 b, 83026 Rosenheim, info@rosen-apotheke-rosenheim.de (see our imprint).

1.3 When you contact us by e-mail or via our online contact form, the data you provide (e.g. your e-mail address and your first and last name) will be stored by us in order to answer your inquiries. We delete the data accrued in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data.

2.2 You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

3.2 Use of cookies:
This website uses the following types of cookies, the scope and functionality of which are explained below:

4.1 This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

4.2 The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

4.3 You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

4.4 This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. Insofar as the data collected about you is related to a person, this is therefore immediately excluded and the personal data is thus immediately deleted.

4.5 We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.

4.6 Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/de.html, overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: https://www.google.de/intl/de/policies/privacy.

4.7 To ensure sufficient data security when submitting forms, we use the service reCAPTCHA. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The use of reCAPTCHA is primarily used to determine whether an input is made by a natural person or abused by machine and automated processing. The service leads to a dispatch of the IP address and possibly further data required for the reCAPTCHA service to Google. The data processing is based on Art. 6 para. 1 p. 1 lit. f DS-GVO. We have a legitimate interest in protecting our web offers from abusive automated spying and from SPAM.
For more information on Google’s privacy policy, please visit
https://www.google.com/recaptcha/intro/android.html or
https://www.google.com/intl/de/policies/privacy/.

5.1 With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers from our product range.

5.2 For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

5.3 The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DS-GVO.

5.4 You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter email, via the form on the website, by email to newsletter@rosen-apotheke-rosenheim.de or by sending a message to the contact details provided in the imprint.

8.6 Addresses of the respective plug-in providers and URL with their privacy notices:

8.6.1 Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

8.6.2 Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

8.6.3 Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

8.6.4 Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; https://policy.pinterest.com/de/privacy-policy.

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. By visiting the website, YouTube receives the information that you have called up the corresponding sub-page of our website. In addition, the data that is processed when visiting any website (see above) is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

10.1 Categories of personal data processed: Prescription data, health data, name data, address data, contact data, date of birth, contract data, billing data.

10.2 Criteria for determining the storage period of personal data: The legislator has enacted a wide range of retention obligations and periods. After expiration of these periods, the corresponding data is routinely deleted if it is no longer required to fulfill the order. If data is not affected by this, it is deleted when the purposes stated for collecting it no longer apply. Declarations of consent which are not used for two years (e.g. through the use of the customer card) will be deleted insofar as this does not conflict with statutory storage obligations.

10.3 Purposes for which the personal data are processed: Provision of medicines by a public pharmacy Accounting vis-à-vis health insurance companies Customer loyalty.

10.4 Legal basis for data processing: Supply of medicines by a public pharmacy: legal permission, Art. 6 (1) p. 1 lit. b, 9 (2) DS-GVO. Billing to health insurance companies: legal permission, Art. 6 para. 1 p. 1 lit. b, 9 para. 2 DS-GVO, § 300 SGB V. Customer loyalty: consents, Art. 6 para. 1 p. 1 lit. a DS-GVO.

10.5 Provision of personal data required for the conclusion of a contract: Yes, with regard to the supply of prescription medicines, which cannot otherwise take place.

10.6 Categories of recipients of the personal data: Internal: employees in main and branch pharmacies involved in the execution and fulfillment of the respective information processes. Externally: external bodies with which commissioned data processing agreements are concluded in accordance with Art. 28 DS-GVO, such as health insurance funds and pharmacy billing bodies; doctors, hospitals, therapists, care and nursing facilities; public bodies which receive data on the basis of statutory regulations, such as tax authorities and social insurance carriers; IT service providers; tax consultants.

10.7 Data is not transferred abroad and is not intended to be transferred abroad.

10.8 Sections 1 and 2 of this data protection declaration shall also apply to data collections within the meaning of Section 10.

11.1 Categories of personal data that are processed: Name data, address data, contact data, date of birth, contract data, billing data.

11.2 Criteria for determining the storage period of personal data: The legislator has enacted a wide range of retention obligations and periods. After expiration of these periods, the corresponding data is routinely deleted if it is no longer required to fulfill the order. If data is not affected by this, it is deleted when the purposes stated for collecting it no longer apply. Declarations of consent which are not used for two years (e.g. through the use of the customer card) will be deleted insofar as this does not conflict with statutory retention obligations.

11.3 Purposes for which the personal data are processed: Contract processing in a natural food store Customer loyalty.

11.4 Legal basis for data processing: contract processing in a health food store: legal permission, Art. 6 para. 1 p. 1 lit. b. Customer loyalty: consents, Art. 6 para. 1 p. 1 lit. a DS-GVO.

11.5 The provision of personal data is not required for the conclusion of a contract. The online order makes it necessary to provide certain personal data requested as part of the order.

11.6 Categories of recipients of the personal data: Employees involved in the execution and fulfillment of the respective information processes.

11.7 A transfer abroad does not take place and is not intended.

11.8 Items 1 and 2 of this data protection declaration also apply to data collections as defined in item 11.

In the area of card payments (direct debit/girocard/credit cards) we work together with Concardis GmbH (Concardis), Helfmann Park 7, D-65760 Eschborn, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti.

In this context, in addition to the purchase amount and datu, card data will also be transmitted to the above-mentioned company.

All payment data as well as data on any chargebacks that may occur will only be stored as long as they are needed for payment processing (including the processing of possible chargebacks and debt collection) and to combat abuse. As a rule, the data is deleted no later than 13 months after it is collected.

Beyond this, further storage may take place if and as long as this is necessary to comply with a statutory retention period or to prosecute a specific case of abuse. The legal basis for data processing is Art. 6 (1) f) of the General Data Protection Regulation.

You can request information and, if necessary, correction or deletion as well as restriction of the processing of your data and/or, if necessary, object to the processing of your data. If you have any questions regarding data processing by Concardis or to assert your aforementioned rights, you can contact the data protection officer, who can be reached at the address given or by e-mail at Datenschutzbeauftragter@concardis.com.

Furthermore, you have the right to complain to a supervisory authority (in Germany, the state data protection commissioners). We would like to point out that the provision of payment data is neither legally nor contractually required. If you do not want to provide your payment data, you can use another payment method (e.g. cash payment).