Byodo Naturkost GmbH, hereinafter referred to as “we” for simplicity’s sake, has the utmost respect for your privacy. As such, we take the protection of your personal data, for example your name, date of birth, address, e-mail address, telephone no., etc., very seriously. This data protection notice regulates the collection, processing and use of your personal data, if and insofar as they are required for the use of our website. When handling these data, we adhere strictly to the pertinent statutory data protection regulations as well as the following principles.
By confirming your agreement with the data protection principles when using our websites, especially with regard to the placing of orders, subscription to our newsletter and filling in of our contact forms, you expressly consent to the use of your personal data and instruct us to do so in the manner prescribed by said data protection principles. The following data protection principles and the public directory (only available in German) describe in detail how we collect and use this information.
Tabel of contents
Personal data is any information relating to an identified or identifiable natural person. A natural person is viewed as identifiable if they can be identified, directly or indirectly, in particular by reference to an ID, such as a name, an identification number, location data, an online ID or one or more specific factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes data such as your real name, address, telephone number and date of birth. Information that cannot be directly linked to your real identity, such as preferred websites or the number of users of a site, is not considered personal data.
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Byodo Naturkost GmbH
Tel.: +49 (0)8631 3629-0
Fax: +49 (0)8631 3629-750
Any data subject may contact us or our data protection officer directly should they have any questions or suggestions regarding data protection.
The controller’s external data protection officer is:
Jens Engelhardt, his substitute is Erdem Durmus,
c/o NOTOS Xperts GmbH
Heidelberger Str. 6
Telephone: +49 (0)6151 52010-0
Fax: +49 (0)6151 52010-99
First of all, we would like to inform you in general about the principles of data processing on our website.
3.1 Data deletion and storage period
In principle, your data will be deleted as soon as the purpose for which it was collected has been fulfilled. We process your personal data, in so far as necessary, for the duration of the entire business relationship (from the initiation to the processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations, which result, among other things, from the German Fiscal Code (AO) or other statutory requirements.
3.2 Security of your data
The personal data provided by you will be secured by taking all necessary technical and organisational security measures in accordance with Art. 24 and 32 GDPR so that they are protected from access by unauthorised third parties.
3.3 Forwarding of data to third parties
We do not forward any data to third parties without your consent unless this is also expressly permitted by law without your consent or is necessary due to a judicial or official request. The forwarding of personal data to service providers (e.g., payment service providers, logistics companies) who process personal data on our behalf represents an exception. This is particularly the case for the fulfilment of contracts for the purpose of processing purchases via our online shop.
Our website collects a series of general data and information every time it is visited. This general data and information is stored in the server log files. The following information may be collecte
(1) the browser types and versions used;
(2) the operating system used by the accessing system;
(3) the website from which an accessing system arrives at our website (referrer);
(4) the sub-sites that are accessed via an accessing system on our website;
(5) the date and time of an access to the website;
(6) an Internet Protocol (IP) address;
(7) the Internet service provider (ISP) of the accessing system; and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When processing this general data and information, we do not draw any conclusions about you as an individual. Rather, this information is required in order to:
(1) supply the contents of our website correctly;
(2) optimise the content of our website and the advertising for it;
(3) ensure the long-term functionality of our information technology systems and the technology of our website; and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
We evaluate this collected data and information, on the one hand, statistically and, on the other hand, with the aim of identifying security incidents and cyberattacks in order to increase the data protection and data security of our enterprise so as ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored and statistically analysed separately from any personal data you provide.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the availability of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 60 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised, so that it is no longer possible to link them to an accessing client.
The legal basis for the processing of this technical data about you is our legitimate interest in the operation of our website, increasing data security and detecting cyberattacks pursuant to Art. 6 Section 1 (f) GDPR.
The collection of data for the availability of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user. The anonymisation of the data and subsequent statistical analysis of the personal data is based on our legitimate interest in the continuous improvement of our website pursuant to Art. 6 Section 1 (f) GDPR.
On our website, there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. In addition, the following data is collected during registration:
The legal basis for sending the newsletter and determining the opening rate is your consent in accordance with Art. 6 Section 1 (a) GDPR, which you provide to us as part of the registration process for the newsletter. We have commissioned the order processor Sendinblue for the sending of the newsletter. An order processing agreement has been concluded with Sendinblue in accordance with Art. 28 GDPR in order to ensure the processing of your personal data in compliance with data protection law.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your user e-mail address will be stored as long as the subscription to the newsletter is active and you do not revoke your consent. You can cancel the subscription to the newsletter at any time by revoking your consent to the use of your personal data. For this purpose, each newsletter contains a corresponding link that you can select to unsubscribe from the newsletter and thus revoke your consent. Furthermore, you can send your revocation as an e-mail to firstname.lastname@example.org.
Our website contains a contact form which can be used for electronic contact as well as personal contact via post or telephone. Should a user take advantage of this option, the data entered in the input mask will be transmitted to us and stored. The following information is necessary for processing the inquiry and is therefore mandatory as input:
Furthermore, it is possible for you to contact us via e-mail at any time, in which case we shall process your e-mail address as well as the personal data contained in your message.
In both cases, the processing of your personal data is based on our legitimate interest in answering enquiries from customers as well as interested parties according to Art. 6 Section 1 (f) GDPR. In this context, the data will not be forwarded to third parties. The data is used exclusively for processing the conversation.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
Our website offers you the possibility to apply via an application form. Should you make use of this option, we process your personal data, which is necessary to decide on the establishment of an employment relationship with you.
For the technical implementation, we use the HR4you portal. This service provider has been checked by us in accordance with the data protection regulations and bound by contract (order data processing).
The personal data entered by you and documents uploaded to the portal are encrypted and transmitted in accordance with the current technical possibilities. Please note that you only provide relevant information.
We only use the communication data you have entered to contact you. Once your application has been submitted and received, access is only permitted to a relevant group of people (HR department, decision-makers), who are authorised to process it. If you have applied explicitly for an advertised position, but after the initial screening we determine that your potential may be better placed in another organisational unit, we shall obtain your consent before forwarding your data to said other organisational unit in application for a position there. In accordance with legal requirements, the data you provide will be stored for a maximum of six (6) months after the application has been processed. If you withdraw your application, your data will be deleted immediately unless there are other legal obligations (e.g., Section 61 (1) of the German Labour Courts Act (ArbGG) in conjunction with Section 15 of the German General Equal Treatment Act (AGG)) to retain your data.
The legal basis for the processing of your data in the context of the application is its necessity for the decision on the establishment of a contractual relationship with you pursuant to Section 26 (1) of the German Federal Data Protection Act (BDSG). Should your application not be successful, we may include you in an applicant pool with the information you provided in order to contact you in the event of future job postings. For this purpose, we obtain your prior consent, which you can revoke at any time with effect for the future.
On our website, we advertise events organised by us such as the End User Panel. You can participate in these events by contacting us via the details provided if you are interested. If you wish to participate in the event, we shall process your personal data in order to inform you about the details of participation, to register you for the event and to enable you to participate.
In so far as payment is required for the event, we process your personal data based on Art. 6 Section 1 (b) GDPR for the purpose of fulfilling the contract concluded with you. In this case, we process your payment data to process the payment to be made by you.
If it is a free event, we process your personal data based on our legitimate interest in holding the events, for increasing customer loyalty and for the improvement and further development of our products (Art. 6 Section 1 (f) GDPR). In both cases, we delete your personal data as soon as storage is no longer necessary for the above-mentioned purposes and no legal retention periods prevent said deletion.
Our website includes links to competitions and surveys that we organise. As part of these campaigns, we collect your personal data and process it in order to conduct the survey and utilise it to improve our products and services as well as to enable your participation in the competitions.
If we obtain your consent when collecting your data, the legal basis for processing your personal data is this consent. In this case, the personal data will be stored by us until the survey has been evaluated or the competition has finished, or until you revoke your consent. You can revoke your consent at any time in the manner indicated on the form. In such a case, you will be excluded from any competitions and your data will be deleted immediately.
If we do not obtain your consent, we shall process your personal data based on our legitimate interest to improve our products and customer loyalty and to carry out the campaign you have accessed in accordance with Art. 6 Section 1 (f) GDPR. In this case, you have the option to object to the processing. To do so, please contact our data protection officer at email@example.com. We process your personal data based on our legitimate interest until you object to the processing or the purposes of the processing have been achieved, i.e., the competition has been finished or the survey has been evaluated. Subsequently, your personal data will be deleted or anonymised immediately.
The following describes the services we use on our website for technical functionality and to improve the quality of our website. We obtain the consent required for this purpose for the use of the services and the data processing that takes place in this context via our cookie banner.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. In case of complete deactivation of cookies, the functionality of this website may be limited.
Cookies that are absolutely necessary to carry out the electronic communication process or to provide certain functions that you have requested (e.g., display of the website) are stored on the basis of our legitimate interest as per Art. 6 Section 1 (f) GDPR and due to the fact that the cookies are absolutely necessary for a function that you have expressly requested in accordance with Section 25 Para.2 No. 2 of the German Telecommunication Telemedia Data Protection Act (TTDSG).
We use the web analytics service Matomo on our website to analyse the use of our website and so as to be able to improve our website regularly. The statistics obtained allow us to improve our offering and make it more interesting for you as a user. For this purpose, we set cookies in order to be able to guarantee the analysis function of the tool.
Your IP address is shortened by Matomo (e.g., 111.xxx.xxx.xxx) and used for geolocation in order to classify visitors to our website according to region so that we can better plan our marketing campaigns. A direct inference to your person can thus be excluded. The IP address transmitted by your browser is neither merged with other data collected by us nor forwarded to third parties.
The processing of your personal data in the context of the use of Matomo and the setting of cookies is based on the consent given by you via the cookie banner in accordance with Art. 6 Section 1 (a) GDPR and Section 25 TTDSG. You can revoke this consent at any time with effect for the future by calling up our cookie banner again at the bottom left of our website via the green/white icon with a fingerprint and changing your settings for the analysis tools. Should you access individual pages of our website after you have given your consent to data processing by Matomo, the following data will be stored:
The Matomo software and the data collected using Matomo are operated, stored and processed exclusively on our own servers. The personal data is deleted as soon as it is no longer required for the purposes for which it was originally collected.
10.3. Facebook Pixel
We use the “Facebook Pixel” (basic version) of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”), on our website.
The use of the Facebook Pixel makes it possible for Facebook to identify you as a visitor to our online offering as a target group for the placement of advertisements ( “Facebook ads and Instagram ads”).
Based on the express consent of the website visitors, we use the Facebook Pixel to display the Facebook and Instagram ads placed by us only to those Facebook and Instagram users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (“custom audiences”).
Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help section: www.facebook.com/business/help/651294705016616. For the processing of data where Facebook acts as a processor, we have entered into a processing agreement with Facebook, under which Facebook is obligated to protect our customers’ data and not to disclose it to third parties.
We are aware of the potential transfer of your personal data to an unsafe third country in this context and have implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of your personal data. We store your data for up to 180 days after your last interaction.
The legal basis for the processing of your personal data in the context of the Facebook Pixel is your consent given in the cookie banner pursuant to Art. 6 Section 1 (a) GDPR and Section 25 (1) TTDSG.
You have the option to revoke your consent to the use of the Facebook Pixel at any time with effect for the future by changing the cookie settings (via the green/white icon with a fingerprint at the bottom left of our website) and thus prevent the use of the tool and the processing of your data. You can also deactivate the collection of your data by the Facebook Pixel and the use of your data to display Facebook ads in your Facebook account. To set which types of ads are displayed to you on Facebook, you can visit the page set up by Facebook for this purpose and follow the instructions there regarding the settings for usage-based advertising: www.facebook.com/settings. The settings are made in a platform-independent manner, i.e., they are applied to all devices, such as desktop computers or mobile devices.
10.4. Google Maps
We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. The processing of your personal data for the use of Google Maps and the forwarding of personal data to Google will only take place after you have given your consent to the processing via the cookie banner.
In addition, only the technically necessary data required to display the map (IP address, browser, time of access, etc.) is transmitted. This is done regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your Google profile, you must log out before using our sales partner search, for which we use Google Maps.
Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly.
We are aware of the transfer of your personal data to an unsafe third country and have implemented appropriate guarantees in accordance with Art. 46 GDPR to ensure lawful and secure processing of your personal data.
10.5. Web fonts from Adobe Typekit
This site uses web fonts provided by Adobe Typekit for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser you are using must connect to the Adobe Typekit servers. This gives Adobe Typekit the knowledge that our website was accessed via your IP address. Adobe Typekit Web Fonts are used in the interest of a uniform and appealing presentation of our online offerings. This represents our legitimate interest within the meaning of Article 6 Section (f) GDPR and the legal basis for the processing of your personal data. If your browser does not support web fonts, a standard font will be used by your computer.
With regard to the personal data we process about you, you have the right:
We would like to point out that your rights may be restricted by statutory retention requirements and other legal regulations to which we are subject.
You also have the right to lodge a complaint with the data protection supervisory authority responsible for us.
The supervisory authority responsible for us is: Bavarian State Office for Data Protection Supervision (BayLDA)Promenade 27, 91522 Ansbach, Germany. Website: www.lda.bayern.de/de/index.html
Websites linked on our website always open in a new window. By placing links, we provide access to the use of this content. We are not responsible for this content that can be reached through the use of the link, since we did not initiate the transmission of the information, did not select the addressee of the transmitted information and also did not select or change the transmitted information. This information is not automatically stored temporarily for a short time due to the selected access and linking method of the operator of our website (hosting, GRZ IT Center Linz GmbH), and thus we are not responsible for data protection for this third-party content. However, when we first linked to this website, we checked the third-party content to determine whether it could result in civil or criminal liability.