Data Protection Statement

Data Protection Statement

Byodo Naturkost GmbH, hereinafter referred to as “we” for simplicity’s sake, has the utmost respect for your privacy. As such, we take the protection of your personal data, for example your name, date of birth, address, e-mail address, telephone no., etc., very seriously. This data protection notice regulates the collection, processing and use of your personal data, if and insofar as they are required for the use of our website. When handling these data, we adhere strictly to the pertinent statutory data protection regulations as well as the following principles.

By confirming your agreement with the data protection principles when using our websites, especially with regard to the placing of orders, subscription to our newsletter and filling in of our contact forms, you expressly consent to the use of your personal data and instruct us to do so in the manner prescribed by said data protection principles. The following data protection principles and the public directory (only available in German) describe in detail how we collect and use this information.

Contents:

Tabel of contents

  • 1. What is personal data
  • 2. Data controller
  • 3. General information regarding data processing on this website
  • 3.1. Data deletion and storage period
  • 3.2. Security of your data
  • 3.3. Forwarding of data to third parties
  • 4. Availability of the website
  • 5. Newsletter
  • 6. Contact form and e-mail contact
  • 7. Application form
  • 8. Participation in events
  • 9. Competitions and surveys
  • 10. Cookies and third-party services
  • 10.1. Cookies
  • 10.2. Matomo
  • 10.3. Facebook Pixel
  • 10.4. Google Maps
  • 10.5. Web fonts from Adobe Typekit
  • 11. Your rights
  • 12. External connections (link)
  • 13. Changes to this privacy policy

1. What is personal data

Personal data is any information relating to an identified or identifiable natural person. A natural person is viewed as identifiable if they can be identified, directly or indirectly, in particular by reference to an ID, such as a name, an identification number, location data, an online ID or one or more specific factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes data such as your real name, address, telephone number and date of birth. Information that cannot be directly linked to your real identity, such as preferred websites or the number of users of a site, is not considered personal data.

2. Data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

Byodo Naturkost GmbH
Leisederstraße 2
84453 Mühldorf
Germany
Tel.: +49 (0)8631 3629-0
Fax: +49 (0)8631 3629-750
E-mail: info@byodo.de
Website: www.byodo.de

Any data subject may contact us or our data protection officer directly should they have any questions or suggestions regarding data protection.

Alois Grob
Agotech IT-Systemhaus GmbH

Leisederstraße 2
84453 Mühldorf a. Inn
Telefon +49 8631 3629970
Webseite www.agotech.de
E-Mail: datenschutz@byodo.de

3. General information regarding data processing on this website

 First of all, we would like to inform you in general about the principles of data processing on our website.

3.1 Data deletion and storage period

In principle, your data will be deleted as soon as the purpose for which it was collected has been fulfilled. We process your personal data, in so far as necessary, for the duration of the entire business relationship (from the initiation to the processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations, which result, among other things, from the German Fiscal Code (AO) or other statutory requirements.

3.2 Security of your data

The personal data provided by you will be secured by taking all necessary technical and organisational security measures in accordance with Art. 24 and 32 GDPR so that they are protected from access by unauthorised third parties.

3.3 Forwarding of data to third parties

We do not forward any data to third parties without your consent unless this is also expressly permitted by law without your consent or is necessary due to a judicial or official request. The forwarding of personal data to service providers (e.g., payment service providers, logistics companies) who process personal data on our behalf represents an exception. This is particularly the case for the fulfilment of contracts for the purpose of processing purchases via our online shop.

4. Availability of the website

Our website collects a series of general data and information every time it is visited. This general data and information is stored in the server log files. The following information may be collecte

(1) the browser types and versions used;
(2) the operating system used by the accessing system;
(3) the website from which an accessing system arrives at our website (referrer);
(4) the sub-sites that are accessed via an accessing system on our website;
(5) the date and time of an access to the website;
(6) an Internet Protocol (IP) address;
(7) the Internet service provider (ISP) of the accessing system; and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When processing this general data and information, we do not draw any conclusions about you as an individual. Rather, this information is required in order to:

(1) supply the contents of our website correctly;
(2) optimise the content of our website and the advertising for it;
(3) ensure the long-term functionality of our information technology systems and the technology of our website; and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

We evaluate this collected data and information, on the one hand, statistically and, on the other hand, with the aim of identifying security incidents and cyberattacks in order to increase the data protection and data security of our enterprise so as ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored and statistically analysed separately from any personal data you provide.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the availability of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 60 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised, so that it is no longer possible to link them to an accessing client.

The legal basis for the processing of this technical data about you is our legitimate interest in the operation of our website, increasing data security and detecting cyberattacks pursuant to Art. 6 Section 1 (f) GDPR.

The collection of data for the availability of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user. The anonymisation of the data and subsequent statistical analysis of the personal data is based on our legitimate interest in the continuous improvement of our website pursuant to Art. 6 Section 1 (f) GDPR.

5. Newsletter

On our website, there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. In addition, the following data is collected during registration:

  • IP address of the accessing computer;
  • date and time of registration.

Your consent to the processing of the data is obtained during the registration process and reference is made to this Privacy Policy. No data is forwarded to third parties in connection with the processing of data for sending newsletters. Our newsletter is personalised with the help of web beacons (tracking pixels) to measure the opening rate. These are small graphics in HTML-based e-mails that enable the evaluation of a log file. This allows us to evaluate which content is particularly interesting for you in the future and take this into account for the selection of future newsletters to you.

The legal basis for sending the newsletter and determining the opening rate is your consent in accordance with Art. 6 Section 1 (a) GDPR, which you provide to us as part of the registration process for the newsletter. We have commissioned the order processor Sendinblue for the sending of the newsletter. An order processing agreement has been concluded with Sendinblue in accordance with Art. 28 GDPR in order to ensure the processing of your personal data in compliance with data protection law.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your user e-mail address will be stored as long as the subscription to the newsletter is active and you do not revoke your consent. You can cancel the subscription to the newsletter at any time by revoking your consent to the use of your personal data. For this purpose, each newsletter contains a corresponding link that you can select to unsubscribe from the newsletter and thus revoke your consent. Furthermore, you can send your revocation as an e-mail to datenschutz@byodo.de.

6. Contact form and e-mail contact

Our website contains a contact form which can be used for electronic contact as well as personal contact via post or telephone. Should a user take advantage of this option, the data entered in the input mask will be transmitted to us and stored. The following information is necessary for processing the inquiry and is therefore mandatory as input:

  • name, first name;
  • e-mail address;
  • subject;
  • content of the message.

Furthermore, it is possible for you to contact us via e-mail at any time, in which case we shall process your e-mail address as well as the personal data contained in your message.

In both cases, the processing of your personal data is based on our legitimate interest in answering enquiries from customers as well as interested parties according to Art. 6 Section 1 (f) GDPR. In this context, the data will not be forwarded to third parties. The data is used exclusively for processing the conversation.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

7. Application form

Our website offers you the possibility to apply via an application form. Should you make use of this option, we process your personal data, which is necessary to decide on the establishment of an employment relationship with you.

For the technical implementation, we use the HR4you portal. This service provider has been checked by us in accordance with the data protection regulations and bound by contract (order data processing).

The personal data entered by you and documents uploaded to the portal are encrypted and transmitted in accordance with the current technical possibilities. Please note that you only provide relevant information.

We only use the communication data you have entered to contact you. Once your application has been submitted and received, access is only permitted to a relevant group of people (HR department, decision-makers), who are authorised to process it. If you have applied explicitly for an advertised position, but after the initial screening we determine that your potential may be better placed in another organisational unit, we shall obtain your consent before forwarding your data to said other organisational unit in application for a position there. In accordance with legal requirements, the data you provide will be stored for a maximum of six (6) months after the application has been processed. If you withdraw your application, your data will be deleted immediately unless there are other legal obligations (e.g., Section 61 (1) of the German Labour Courts Act (ArbGG) in conjunction with Section 15 of the German General Equal Treatment Act (AGG)) to retain your data.

The legal basis for the processing of your data in the context of the application is its necessity for the decision on the establishment of a contractual relationship with you pursuant to Section 26 (1) of the German Federal Data Protection Act (BDSG). Should your application not be successful, we may include you in an applicant pool with the information you provided in order to contact you in the event of future job postings. For this purpose, we obtain your prior consent, which you can revoke at any time with effect for the future.

8. Participation in events

On our website, we advertise events organised by us such as the End User Panel. You can participate in these events by contacting us via the details provided if you are interested. If you wish to participate in the event, we shall process your personal data in order to inform you about the details of participation, to register you for the event and to enable you to participate.

In so far as payment is required for the event, we process your personal data based on Art. 6 Section 1 (b) GDPR for the purpose of fulfilling the contract concluded with you. In this case, we process your payment data to process the payment to be made by you.

If it is a free event, we process your personal data based on our legitimate interest in holding the events, for increasing customer loyalty and for the improvement and further development of our products (Art. 6 Section 1 (f) GDPR). In both cases, we delete your personal data as soon as storage is no longer necessary for the above-mentioned purposes and no legal retention periods prevent said deletion.

9. Competitions and surveys

Our website includes links to competitions and surveys that we organise. As part of these campaigns, we collect your personal data and process it in order to conduct the survey and utilise it to improve our products and services as well as to enable your participation in the competitions.

If we obtain your consent when collecting your data, the legal basis for processing your personal data is this consent. In this case, the personal data will be stored by us until the survey has been evaluated or the competition has finished, or until you revoke your consent. You can revoke your consent at any time in the manner indicated on the form. In such a case, you will be excluded from any competitions and your data will be deleted immediately.

If we do not obtain your consent, we shall process your personal data based on our legitimate interest to improve our products and customer loyalty and to carry out the campaign you have accessed in accordance with Art. 6 Section 1 (f) GDPR. In this case, you have the option to object to the processing. To do so, please contact our data protection officer at datenschutz@byodo.de. We process your personal data based on our legitimate interest until you object to the processing or the purposes of the processing have been achieved, i.e., the competition has been finished or the survey has been evaluated. Subsequently, your personal data will be deleted or anonymised immediately.

10. Cookies and third-party services used

The following describes the services we use on our website for technical functionality and to improve the quality of our website. We obtain the consent required for this purpose for the use of the services and the data processing that takes place in this context via our cookie banner.

10.1. Cookies

Our website uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies serve to make our offer more user-friendly, effective and secure. Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your session. Other cookies remain stored on your end device until you delete them or the deletion period is reached. These cookies allow us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. In case of complete deactivation of cookies, the functionality of this website may be limited.

Cookies that are absolutely necessary to carry out the electronic communication process or to provide certain functions that you have requested (e.g., display of the website) are stored on the basis of our legitimate interest as per Art. 6 Section 1 (f) GDPR and due to the fact that the cookies are absolutely necessary for a function that you have expressly requested in accordance with Section 25 Para.2 No. 2 of the German Telecommunication Telemedia Data Protection Act (TTDSG).

In this respect, we have a legitimate interest in the storage of cookies for the technical provision of the services you have requested. In so far as other cookies (e.g., cookies for the analysis of your surfing behaviour) are stored, these are treated separately in this privacy policy.

10.2. Matomo

We use the web analytics service Matomo on our website to analyse the use of our website and so as to be able to improve our website regularly. The statistics obtained allow us to improve our offering and make it more interesting for you as a user. For this purpose, we set cookies in order to be able to guarantee the analysis function of the tool.

Your IP address is shortened by Matomo (e.g., 111.xxx.xxx.xxx) and used for geolocation in order to classify visitors to our website according to region so that we can better plan our marketing campaigns. A direct inference to your person can thus be excluded. The IP address transmitted by your browser is neither merged with other data collected by us nor forwarded to third parties.

The processing of your personal data in the context of the use of Matomo and the setting of cookies is based on the consent given by you via the cookie banner in accordance with Art. 6 Section 1 (a) GDPR and Section 25 TTDSG. You can revoke this consent at any time with effect for the future by calling up our cookie banner again at the bottom left of our website via the green/white icon with a fingerprint and changing your settings for the analysis tools. Should you access individual pages of our website after you have given your consent to data processing by Matomo, the following data will be stored:

  • IP address (masked 2 byte) of your accessing system (e.g., 111.xxx.xxx.xxx);
  • browser type and version, screen resolution, set language, local time, operating system used;
  • the number of pages and files you access on our website, time spent on the website, frequency of your access to the website, number of actions, bounce rate, page generation time;
  • the website from which you visit us (referrer URL) – in so far as your browser does not prohibit this;
  • device used (e.g., TVs, consoles, smartphones, desktops, etc.);
  • if applicable, the website you visit after our website (when clicking on an external link on our website);
  • the date and time of your access. No tracking cookies are stored on your computer as part of our web analysis.

The Matomo software and the data collected using Matomo are operated, stored and processed exclusively on our own servers. The personal data is deleted as soon as it is no longer required for the purposes for which it was originally collected.

10.3. Facebook Pixel

We use the “Facebook Pixel” (basic version) of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”), on our website.

The use of the Facebook Pixel makes it possible for Facebook to identify you as a visitor to our online offering as a target group for the placement of advertisements ( “Facebook ads and Instagram ads”).

Based on the express consent of the website visitors, we use the Facebook Pixel to display the Facebook and Instagram ads placed by us only to those Facebook and Instagram users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (“custom audiences”).

With the help of the Facebook Pixel, we also want to ensure that our Facebook ads correspond to the interest of the users and do not have a harassing effect. The processing of data by Facebook takes place within the framework of Facebook’s data processing conditions. General information on the display of Facebook ads can be found in Facebook’s Privacy Policy: www.facebook.com/policy.php.

Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help section: www.facebook.com/business/help/651294705016616. For the processing of data where Facebook acts as a processor, we have entered into a processing agreement with Facebook, under which Facebook is obligated to protect our customers’ data and not to disclose it to third parties.

We are aware of the potential transfer of your personal data to an unsafe third country in this context and have implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of your personal data. We store your data for up to 180 days after your last interaction.

The legal basis for the processing of your personal data in the context of the Facebook Pixel is your consent given in the cookie banner pursuant to Art. 6 Section 1 (a) GDPR and Section 25 (1) TTDSG.

You have the option to revoke your consent to the use of the Facebook Pixel at any time with effect for the future by changing the cookie settings (via the green/white icon with a fingerprint at the bottom left of our website) and thus prevent the use of the tool and the processing of your data. You can also deactivate the collection of your data by the Facebook Pixel and the use of your data to display Facebook ads in your Facebook account. To set which types of ads are displayed to you on Facebook, you can visit the page set up by Facebook for this purpose and follow the instructions there regarding the settings for usage-based advertising: www.facebook.com/settings. The settings are made in a platform-independent manner, i.e., they are applied to all devices, such as desktop computers or mobile devices.

10.4. Google Maps

We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. The processing of your personal data for the use of Google Maps and the forwarding of personal data to Google will only take place after you have given your consent to the processing via the cookie banner.

In addition, only the technically necessary data required to display the map (IP address, browser, time of access, etc.) is transmitted. This is done regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your Google profile, you must log out before using our sales partner search, for which we use Google Maps.

Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly.

We are aware of the transfer of your personal data to an unsafe third country and have implemented appropriate guarantees in accordance with Art. 46 GDPR to ensure lawful and secure processing of your personal data.

Further information on the purpose and scope of data collection and processing by Google can be found in Google’s Privacy Policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

10.5. Web fonts from Adobe Typekit

This site uses web fonts provided by Adobe Typekit for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.

For this purpose, the browser you are using must connect to the Adobe Typekit servers. This gives Adobe Typekit the knowledge that our website was accessed via your IP address. Adobe Typekit Web Fonts are used in the interest of a uniform and appealing presentation of our online offerings. This represents our legitimate interest within the meaning of Article 6 Section (f) GDPR and the legal basis for the processing of your personal data. If your browser does not support web fonts, a standard font will be used by your computer.

You can find more information about Adobe Typekit web fonts at typekit.com and in the Adobe Typekit Privacy Policy: www.adobe.com/de/privacy/policies/typekit.html

11. Your rights

 With regard to the personal data we process about you, you have the right:

  • to receive information free of charge about the personal data we have stored about you and a copy of this data; 
  • the right to have inaccurate personal data about you corrected;
  • the right to block or delete the personal data we process about you; 
  • to object to the further use of your personal data for the future; and
  • to receive the personal data you have provided in a structured, common and machine-readable format and to request that we forward this personal data to another data controller.

We would like to point out that your rights may be restricted by statutory retention requirements and other legal regulations to which we are subject.

You also have the right to lodge a complaint with the data protection supervisory authority responsible for us.

The supervisory authority responsible for us is: Bavarian State Office for Data Protection Supervision (BayLDA)Promenade 27, 91522 Ansbach, Germany. Website: www.lda.bayern.de/de/index.html

12. External connections (links)

Websites linked on our website always open in a new window. By placing links, we provide access to the use of this content. We are not responsible for this content that can be reached through the use of the link, since we did not initiate the transmission of the information, did not select the addressee of the transmitted information and also did not select or change the transmitted information. This information is not automatically stored temporarily for a short time due to the selected access and linking method of the operator of our website (hosting, GRZ IT Center Linz GmbH), and thus we are not responsible for data protection for this third-party content. However, when we first linked to this website, we checked the third-party content to determine whether it could result in civil or criminal liability.

13. Changes to this Privacy Policy

This Privacy Policy may be revised over time as we need to add more service offerings, add new features or respond to new legal requirements. We reserve the right to change this Privacy Policy at any time and to post the revised version on our website. The revised version will be effective when we post it on the site.