Click to join the Loyalty Club
ONER ACTIVE Austria GmbH
Römerstraße 18
6065 Thaur, Austria
gdpr@oneractive.com
Effective Date: 23 October 2025
1. Important Information and Who We Are
This privacy policy gives you information about how Oner Active collects and uses your personal data through your use of this website, including any data you may provide when your register an account with us, sign up to our newsletter, purchase a product, or take part in a competition.
We are committed to protecting your personal data and your privacy rights under applicable data protection laws, including the General Data Protection Regulation (GDPR).
Controller:
Oner Active Austria GmbH is and Oner Active UK Ltd are the controller and responsible for your personal data, collectively referred to as ‘Oner Active” "we", "us" or "our", in this privacy policy.
2. The Types of Personal Data We Collect About You
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
● Identity Data: first name, last name, title, date of birth, username and password
● Contact Data: email address, phone number, delivery address, billing address
● Usage Data: how you interact with and use our website, products and services, pages visited, time spent on site, clicks, product interactions
● Marketing Data: newsletter preferences, marketing consents
● Communication Data: customer service inquiries, message content through Zowie.
● Technical Data: IP address, login data, date and time of your inquiry, time zone difference to Greenwich Mean Time (GMT), content of the request (actual page), access status/HTTP status code, transmitted data volume, wWebsite from which the request is received, browser, operating system and its interface, language and version of the browser software, cookies and tracking technologies
● Transactional Data: order details, payment confirmations, card numbers linked to your account with third party payment providers e.g. Klarna, PayPal, Afterpay, Clearpay, Stripe (note: we do not store full payment card information)
● Third-Party Platform Data: data from platforms like Meta, Google, and TikTok for advertising and reviews on Trustpilot.
3. How Is Your Personal Data Collected?
We use different methods to collect data from and about you including through:
● Your Interactions with us: when you subscribe to our newsletter, contact customer service, create an account, place an order or enter a competition
● Automated Technologies: as you interact with our website, we automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data using cookies and similar technologies.
● Third Parties: from partners like Emarsys (email marketing), eE-commerce (Shopify), Payment (PayPay, Klarna, Afterpay, Clearpay and Stripe) and marketing partners (e.g., Meta, Google, TikTok)
● Customer Support Tools: interactions through Zowie, our customer service platform.
● Third parties are contractually bound to process your data only on our behalf and according to applicable data protection laws.
4. How We Use Your Personal Data
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
● To Send Newsletters (with your consent under Art. 6(1)(a) GDPR)
○ We use a double opt-in process for newsletter sign-up
○ You can unsubscribe at any time via the unsubscribe link or by contacting us
● Customer Service Support
○ Provided through Zowie, which processes your inquiries under a data processing agreement
● Website functionality and personalisation
○ Server log files; hHosted by Shopify
○ Through cookies and similar technologies
○ Some cookies are essential for site operation (legitimate interest)
○ Others are used for analytics, advertising, or personalisation (with your consent)
● Lookalike marketing campaigns
○ We may share hashed or anonymised data with advertising partners like Meta, Google, and TikTok
○ This allows us to reach new potential customers with similar interests
○ You can object to this by emailing us at info@oneractive.com
● Rating Invitations
○ If you give us your explicit consent, we share your email address with Trustpilot to invite you to leave a review
● To comply with Legal Obligations
○ Including fraud prevention, tax, or audit compliance
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. Where relevant, we have also identified our legitimate interests.
|
Purpose/ Use |
Type of Data |
Legal basis and retention period |
|
To register you as a new customer |
Identity, Contact, Marketing and Communications |
Performance of a contract with you (Art. 6(1)(b) GDPR). Minimum required data marked with a star (*). Retained for as long as you hold an account with us or as required by law. |
|
To process and deliver your order including: (a) Managing payments, fees and charges (b) Collecting and recovering money owed to us |
Identity, Contact, Financial, Transaction and Communications |
Performance of a contract with you (Art. 6(1)(b) GDPR) and our legitimate interest to recover debts (Art. 6(1)(f) GDPR). Stored only as necessary for the duration of your purchase and any applicable legal retention period. Credit card data is encrypted and processed in accordance with PCI-DSS. |
|
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Dealing with your requests, complaints and queries |
Identity, Contact, Marketing, Communications and Transactional |
Performance of a contract (Art. 6(1)(b) GDPR), compliance with a legal obligation (Art. 6(1)(c) GDPR), and our legitimate interest to keep records updated and manage customer relationships (Art. 6(1)(f) GDPR). |
|
Customer service support via Zowie |
Identity, Contact, Communications and Transactional |
Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest to provide efficient customer service (Art. 6(1)(f) GDPR). Data processed in accordance with our Data Processing Agreement with Zowie and retained only as necessary to resolve your inquiry or as required by law. |
|
To enable you to partake in competitions |
Identity, Contact, Usage, Marketing and Communications |
Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest to study how customers use our products/services, develop them, and grow our business (Art. 6(1)(f) GDPR).
Retained until the competition is concluded and any legal retention period expires. |
|
To administer and protect our business and this website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data |
Identity, Contact, Technical, Usage |
Legitimate interest to run our business, provide administration and IT services, ensure network security, prevent fraud, and enable business reorganisation (Art. 6(1)(f) GDPR). Access data is retained only as long as necessary to fulfil these purposes. |
|
To deliver relevant website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
Identity, Contact, Usage, Marketing and Communications, Technical |
Legitimate interest to understand how customers use our products/services, develop them, grow our business, and inform our marketing strategy (Art. 6(1)(f) GDPR). Retained for as long as necessary for marketing purposes or until you opt-out. Individuals can object by contacting info@oneractive.com. |
|
To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing |
Technical, Usage |
Legitimate interest to define customer types, keep our website updated and relevant, develop our business, and inform our marketing strategy (Art. 6(1)(f) GDPR). Access data is retained only for as long as necessary to achieve these purposes. |
|
To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you based on your data |
Identity, Contact, Technical, Usage, Marketing and Communications |
Consent (Art. 6(1)(a) GDPR). We use a double opt-in procedure for newsletter subscriptions. Managed via our third-party processor Emarsys. You may withdraw consent at any time. |
Marketing:
You will receive our marketing newsletter if you have opted in. We may use your Identity, Contact, and Technical data to understand your preferences and send you products that may interest you.
Our newsletter is sent via Emarsys, our third-party email provider. We have a data processing agreement with Emarsys to protect your personal data. You can learn more at https://emarsys.com.
Opting out of marketing:
You can unsubscribe at any time by:
- Clicking the unsubscribe link in any newsletter email, or
- Contacting us via the details in our imprint.
If you opt out of marketing emails, you will still receive essential service communications (e.g. order confirmations).
Cookies:
We use cookies to create a unique device ID so we can recognise you, keep our website secure, understand how you use it, and improve your experience. Cookies also help us measure performance, analyse visitor interests, and deliver relevant content or ads. We use both first-party cookies (from our domain) and third-party cookies (from other providers).
You can control cookies through your browser settings—allowing them only in certain cases, blocking them entirely, or deleting them automatically when you close your browser. Blocking cookies may reduce functionality or limit access to parts of the site. Our cookie banner and Privacy Preference Centre let you choose which cookies to accept (apart from those strictly necessary). You can withdraw your consent or object to legitimate interest–based cookies at any time.
· Strictly Necessary Cookies: Required for the website to work (e.g., privacy settings, logging in, form submissions). Set for our legitimate interests in running a secure, functional site. Blocking these may stop parts of the site from working.
· Functional Cookies: Provide enhanced features and personalisation, set by us or third-party services. Disabling may reduce functionality.
· Performance Cookies: Count visits and track traffic sources to measure and improve site performance. Data is aggregated and anonymous. Blocking these means we cannot see how the site is used.
· Targeting Cookies: Set by advertising partners to build interest profiles and show relevant ads. Based on device/browser ID rather than personal info. Blocking these will reduce targeted advertising.
Some cookies come from trusted third parties that help with analytics, site performance, and tailored advertising. Strictly necessary cookies are used based on legitimate interests; all others require your consent.
5. Disclosures of Your Personal Data
We may share your personal data where necessary with the parties set out below for the purposes set out in the table above:
OA Group companies:
- Oner Active UK Limited (UK shop and operations)
- Oner Active USA LLC (US shop and operations)
Third-party service providers:
● Social Unlimited Group (IT infrastructure)
● Emarsys (email newsletters)
● Zowie (customer support
● Shopify
● Payment
● Advertising platforms (Google, Meta, TikTok)
Authorities or regulators: where required by law or to protect rights
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. International Transfers
We share your personal data within the ONER ACTIVE Group, which includes ONER ACTIVE Austria GmbH. This may involve transferring your data between our entities in the UK and Austria.
We may also transfer your personal data to trusted service providers that perform functions on our behalf.
These providers may be located outside the UK and/or the European Economic Area (EEA), in countries whose laws may not provide the same level of data protection as those in the UK or EEA.
Whenever we transfer your personal data internationally, we ensure a similar level of protection by:
● Only transferring data to countries deemed by the UK and/or the European Commission to provide an adequate level of protection; or
● Using appropriate safeguards, such as Standard Contractual Clauses approved by the UK or EU, to ensure your data is protected and processed lawfully.
You can request further details about our international transfer safeguards by contacting us at info@oneractive.com.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We implement appropriate technical and organisational measures to safeguard your personal data, including:
● Encryption and secure servers
● Access controls and monitoring
Despite these measures, no transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Data Retention
How long will you use my personal data for?
We keep your personal data only as long as necessary to fulfil the purposes we collected it for, including meeting legal, regulatory, tax, accounting, or reporting requirements. We may keep it longer if:
● You make a complaint
● We reasonably believe litigation is possible
When deciding how long to keep data, we consider:
● The amount, nature, and sensitivity of the data
● The risk of harm from unauthorised use or disclosure
● The purposes of processing and whether they can be achieved in other ways
● Relevant legal and regulatory requirements
Examples:
● By law, we keep basic customer data (Contact, Identity, Financial, and Transaction data) for six years after you stop being a customer, for tax purposes.
● Marketing data is kept until you withdraw consent or object.
● Newsletter sign-ups not confirmed within 24 hours are blocked and deleted automatically after one month.
In some cases, you can request deletion. We may also anonymise data for research or statistical purposes—in which case we may use it indefinitely without further notice.
9. Your Legal Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access: Know what personal data we hold and how it’s used
- Correction: Ask us to fix inaccurate or incomplete data (we may need to verify the new data).
- Erasure: Request deletion of your data in certain conditions
- Restriction on Processing: Ask us to temporarily suspend processing in certain cases
- Objection: Object to processing based on our legitimate interests. You have an absolute right to object to direct marketing at any time.
- Portability:Request transfer of your data to you or a third party in a structured, machine-readable format
- Withdraw consent: At any time without affecting the lawfulness of past processing
-
Complain: Lodge a complaint with a data protection authority
How to exercise your rights: Email us at info@oneractive.com
No fee: You won’t usually have to pay, unless your request is unfounded, repetitive, or excessive—in which case we may charge or refuse.
What we may need: We might ask for proof of identity or more information to confirm your request.
Response time: We aim to respond within one month. Complex or multiple requests may take longer; if so, we’ll let you know and keep you updated.
10. Contact Details
If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact:
Oner Active
Email: info@oneractive.com
11. Complaints
If you're unhappy with how we handle your data, please contact us first so we can address your concerns. You also have the right to complain to your local data protection authority.
For customers in the EU:
You can submit a complaint via your national authority. A full list of authorities is available at:
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
Austria’s Data Protection Authority also offers complaint forms:
https://dsb.gv.at/eingabe-an-die-dsb/formulare
12. Changes to the Privacy Policy and Your Duty to Inform Us of Changes
We may update this privacy policy from time to time. Please check back periodically for the latest version. If we make significant changes, we will notify you by email or through our website.
Please also inform us if your personal data changes, to help keep our records accurate.
13. Third-Party Links
Our website may contain links to third-party websites, plugins, or applications. Clicking those links may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy policies. We encourage you to read the privacy policies of every site you visit.
