Data Protection Statement

Data Protection Statement

Byodo Naturkost GmbH, hereinafter referred to as “we” for simplicity’s sake, has the utmost respect for your privacy. As such, we take the protection of your personal data, for example your name, date of birth, address, e-mail address, telephone no., etc., very seriously. This data protection notice regulates the collection, processing and use of your personal data, if and insofar as they are required for the use of our website. When handling these data, we adhere strictly to the pertinent statutory data protection regulations as well as the following principles.

By confirming your agreement with the data protection principles when using our websites, especially with regard to the placing of orders, subscription to our newsletter and filling in of our contact forms, you expressly consent to the use of your personal data and instruct us to do so in the manner prescribed by said data protection principles. The following data protection principles and the public directory (only available in German) describe in detail how we collect and use this information.

1. Data controller

The controller within the meaning of the General Data Protection Regulation and other national data protection legislation of the EU Member States as well as other data protection provisions is:

Byodo Naturkost GmbH
Leisederstrasse 2
84453 Mühldorf
Tel.: +49 (0)8631/ 3629-0
Fax.: +49 (0)8631/ 3629-750

For all data protection matters, please contact the data protection officer including sufficient information to allow your personal identification (e.g., name, e-mail address):

The controller’s data protection officer is:

Byodo Naturkost GmbH
Data Protection Officer
Leisederstrasse 2
84453 Mühldorf
Tel.: +49 (0)8631/ 3629-0
Fax.: +49 (0)8631/ 3629-750

2. Scope of data processing

We only save personal data to the extent necessary to provide a functional website as well as our content and services. Our users’ personal data are only processed for the performance of the offered services (for example for the provision of quotes and advice, execution of contracts, establishing contact and asking of follow-up questions) insofar as such processing is necessary. No personal data are collected automatically.
Our users’ personal data are only processed regularly with the user’s consent. An exception applies in such cases where it is not possible to obtain consent beforehand for reasons of fact and where statutory provisions permit data processing.

3. Legal basis for the processing of personal data

To the extent that we obtain the consent of the data subjects for personal data processing operations, the legal basis is Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR).
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6 para. 1 lit. b of the GDPR. This also applies to processing operations required to take steps prior to entering into a contract.
To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6 para. 1 lit. c of the GDPR.
The personal data of the contracting partner are generally collected in the scope of conclusion of a contract for the services offered in our online shop. Insofar as the processing of the data is required for conclusion of the contract, the permissive rule for the data processing is Art. 6 para. 1 lit. b of the GDPR. If the processing is necessary for the purposes of legitimate interests of our company or a third party, except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject, the legal basis for processing is Art. 6 para. 1 lit. f of the GDPR.

4. Duration of storage

As a matter of principle, the data are deleted as soon as the purpose for which they were collected no longer applies. To the extent necessary, we process your personal data for the entire duration of the business relationship (from initiation to conclusion and execution of a contract) and additionally in accordance with the legally prescribed storage and documentation requirements as per, for example, the German Fiscal Code (AO) and other statutory provisions.

5. Statistical evaluation

Log files are automatically stored on the web server when this page is visited. The data contained include:

  • Browser type and version
  • Operating system in use
  • Referrer URL
  • Host name of accessing computer
  • Time of server request

This information is all documented without any personal association or IP addresses and is used for statistical evaluation purposes only. The data are utilised to make our websites more user-friendly and improve the offering accordingly. The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f of the GDPR.
The collection of the data for provision of the website and the storage of said data in log files is absolutely essential for proper operation of the website. Therefore, there is no opt-out option available to the user.

6. Security of data

The personal data you make available are secured by technical and organisational security measures to ensure that they cannot be accessed by unauthorised third parties.

7. E-mail security

If you send us an e-mail, your e-mail address is employed exclusively for the subsequent correspondence with you. We would like to draw your attention to the fact that information sent unencrypted via e-mail can theoretically be viewed without authorisation. For this reason, we cannot provide a guarantee for the confidentiality of this data transfer. If you are sending particularly sensitive data or information, it is thus recommendable to do so by post.

8. Online Application & Applications via e-mail

If you would like to apply for a position advertised by us, this is primarily possible via our online applicant portal. If you are unable to use this option, you can submit your application by post. Please note that this method has a longer processing time.

If you wish to send us an e-mail with content requiring protection, e.g., a job application, we urgently recommend encrypting the attachments (CV, certificates, etc.) in order to prevent unauthorised attention and falsification occurring during the transfer. To this end, please contact the individual named in the respective job description.

9. Provision of data to third parties

We do not provide data to third parties without your consent unless this is also explicitly permitted by law or subject to a judicial or official ruling. In the scope of contract conclusions (online business), personal data are provided to service providers (e.g., delivery companies, logistics companies) for the proper execution of the contract.

10. Availability of data

In the scope of our business, you are required to make the personal data available which are required for the initiation and performance of said business and that we are legally required to collect. If you do not make these data available, we shall generally be forced to refuse conclusion or execution of the contract or may not be able to continue to execute an existing contract and have to terminate it accordingly.
However, you are not obliged to grant your consent to data processing concerning data which are not relevant and/or required by law or other regulations for the execution of the contract.

11. Changes to data protection regulations

These data protection principles may be revised over the course of time if we include additional service offerings and new functions or new legal requirements come into force. We reserve the right to change these data protection principles at any time and publish the revised version on our website. The revised function shall become valid at the time of its publishing on the site.

12. Cookies

Some of the Internet sites use ‘cookies’. Cookies do not damage your computer and do not contain viruses. Cookies help make our offering more user-friendly, efficient and safe. Cookies are small text files that are stored on your computer and saved by your browser.
The majority of the cookies we use are so-called ‘session cookies’. These are deleted automatically when you leave our website. Other cookies remain stored on your end device until you delete them. These cookies allow us to recognise your browser again if you visit in the future.
You can adjust the settings of your browser so that you are informed about the storage of cookies and cookies are only permitted in certain cases, cookies are excluded under specific conditions or entirely or all cookies are automatically deleted when you close your browser window. Disabling cookies can restrict the proper functioning of this website.
Cookies required for electronic communication and the provision of certain functions you wish to use (e.g., shopping basket function) are stored in accordance with the provisions of Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in the storage of cookies for the technically unimpaired and optimised provision of its services. Insofar as other cookies (e.g., cookies for the analysis of your surfing habits) are stored, they are treated specially in this data protection policy.

13. Matomo

We use the web analytics service Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. Cookie tracking is deactivated in the analysis tool. We classify the cookies we use as technically essential in accordance with Article 5(3) of Directive 2002/58/EC. Therefore, no consent is required for the use of cookies, Matomo also uses the shortened IP address (e.g. for geolocation purposes, as we have a legitimate interest in classifying visitors to our website by region in order to better plan our marketing campaigns, in accordance with Art 6 lit. f DSGVO. A direct inference to a person can be excluded. The IP address transmitted by your browser is neither merged with other data collected by us nor passed on to third parties.

If individual pages of our website are called up, the following data is stored:

  • IP address (masked 2 byte) of your calling system (e.g.
  • browser type and version, screen resolution, language set, local time, operating system used
  • the number of pages and files you access on our website, time spent on the website, frequency of your access to the website, number of actions, bounce rate, page generation time
  • the website from which you visit us (referrer URL) - if your browser does not prohibit this
  • device used (e.g. TV, consoles, smartphones, desktops, etc.)
  • If applicable, the website you visit after ours (when clicking on an external link on our website)
  • the date and time of your access.
  • No tracking cookies are set on your computer as part of our web analysis. The Matomo software and the data collected using Matomo are operated, stored and processed exclusively on our own servers.

14. Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of the Google Maps functions requires saving of your IP address. This information is generally sent to a Google server in the USA and saved there. The provider of this site has no influence on this data transmission. The use of maps is included in the interest of the appealing display of our online offering and making it easier to find the locations we refer to on the website. This constitutes a legitimate interest as defined by Art. 6 para. 1 lit. f of the GDPR.
Further information on the handling of user data can be found in Google’s data privacy policy at:

15. Facebook plug-ins (Like & Share buttons)

Our pages integrate plug-ins from the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plug-ins can be identified by the Facebook logo or the “Like” button on our page. An overview of the Facebook plug-ins can be found here:
If you visit our sites, the plug-in establishes a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our page using your IP address. You can link the contents of our pages to your Facebook profile by clicking the Facebook “Like” button when logged in to your Facebook account. This permits Facebook to associate the visit to our site with your user account. Please note that we as the provider of the pages have no knowledge of the contents of the data communicated and how they are used by Facebook. Further information can be found in Facebook’s data privacy policy at:
If you do not want Facebook to associate the visit to our site with your Facebook user account, please log out of your Facebook account.

16. Instagram plug-ins

The functions of the networking service Instagram are integrated in our sites. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This permits Instagram to associate the visit to our site with your user account. Please note that we as the provider of the pages have no knowledge of the contents of the data communicated and how they are used by Instagram.
Further information can be found in Instagram’s data privacy policy at:

17. Twitter plug-ins

The functions of the networking service Twitter are integrated in our sites. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The use of Twitter and the “Retweet” function allows websites you visit to be associated with your Twitter account and draws other users’ attention to them. Data are also communicated to Twitter at the same time. Please note that we as the provider of the pages have no knowledge of the contents of the data communicated and how they are used by Twitter. Further information can be found in Twitter’s data privacy policy at:
You can change your data protection settings for Twitter in your account settings at

18. Facebook Pixel

We actively use (code integration on our websites) the technical function of "Facebook Pixel" offered by Facebook, which is a tracking technology of the data processing company Meta Inc. (Facebook) Ireland Limited 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland (European Union) which, among other things, makes it possible to determine target groups more precisely and thus to place personalized and more effective advertising (Facebook Retargeting) across devices and to measure its success. The features used allow us to show our products purchased advertisements to people who have previously visited our company's website and recommend products and services to them based on this activity. In doing so, we try to prevent the same advertisement from being displayed over and over again on the various devices used. For the use of the Facebook function "Custom Audiences from Website" we comply with the requirements of § 15 Abs.3 TMG insofar as we store with this function only data about the non-personalized user behavior (eg which web pages are clicked how often, how long is the duration of stay, etc.). The collection of the data collected there are based on the legal basis of Art. 6 lit. f) DSGVO as the knowledge of the information is in our legitimate interest. The collection via Meta Platforms Inc. (Facebook Pixel) of further information (conversion tracking e.g. email, address, quantity for the purchase of a product or service, type of payment, or items removed from the shopping cart). For this type of personalized advertising, we need your consent on the legal basis of Art. 6 lit. a) DSGVO which you can revoke at any time. Furthermore, Meta Platforms Inc. and its affiliated subsidiaries (e.g. Facebook) use this data for analysis purposes and advertisements.

Data processing purposes
This list represents the purposes of data collection and processing. Consent is valid only for the purposes indicated. The collected data cannot be used or stored for any purpose other than those listed below.

  • Marketing
  • Retargeting
  • Tracking Analysis
  • Advertising

Data collected
This list includes all (personal) data collected by or through the use of this service.

  • Facebook user ID
  • Browser information
  • Usage data
  • Non-sensitive custom data
  • Referrer URL
  • Pixel ID
  • Pixel specific data
  • User behavior
  • Viewed advertisements
  • Interactions with advertisements, services and products
  • Marketing information
  • Viewed content
  • IP address
  • HTTP header
  • Device information
  • Marketing campaign success
  • Geographic location

Retention period
The retention period is the time period during which the collected data is stored for processing. The data will be deleted as soon as it is no longer needed for the specified processing purposes.

Data protection officer of the processing company
Below you will find the e-mail address of the data protection officer of the processing company.

Transfer to third countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible redress available to you.

Click here to read the privacy policy of the data processor

Click here to object on all domains of the processing company

Click here to read the data processor's cookie policy

For more information on Facebook and other social networks and how to protect your data, you can also visit (not only for young people) 

19. Fonts from Adobe Typekit

This page uses ‘web fonts’ provided by Adobe Typekit for the standardised display of fonts. When you open a page, your browser loads the required fonts in your browser cache so as to be able to display the texts and fonts correctly.
For this purpose, the browser you use needs to connect to Adobe Typekit’s servers. This provides Adobe Typekit with the information that you have visited our website using your IP address. The Adobe Typekit fonts are employed in the interest of making the presentation of our online offers standardised and appealing. This constitutes a legitimate interest as defined by Art. 6 para. 1 lit. f of the GDPR.
If your browser does not support the special fonts, your computer will utilise a standard font. Further information on Adobe Typekit fonts can be found at and in Adobe Typekit’s data privacy policy:

20. Your right to information, verification, erasure and objection

You have the right to request information on the personal data we store concerning you personally free of charge. In addition, you also have the right to verify incorrect data, block specific data and demand the erasure of data in the legally prescribed cases. Furthermore, you have the right to object to the further use of your personal data at any time. We draw your attention to the fact that your right to erasure of your data may be restricted by statutory storage obligations that we are obliged to obey.
You may direct complaints to the Bavarian Data Protection Authority (BayLDA), Promenade 27 (Schloss), 91522 Ansbach, Germany.

21. External links

External links always open in a new window. Links allow us to provide an access for the use of this content (Art. 8 of the German Telemedia Act (Telemediengesetz)). We are not responsible for the content visited via the links as we have not initiated the information transfer, selected the recipient of the information or selected or changed the transferred information. The opening and linking methods selected by the operator (Hosting, GRZ IT Center Linz GmbH GmbH) of our websites do not temporarily cache this information automatically, so they also do not result in any responsibility or data protection obligations for us with regard to the third-party content. Nevertheless, we thoroughly check all third-party content the first time the links to such Internet offerings are included on our site so as to determine whether they might lead to possible civil or criminal law liability.

22. Customer and information pages

Certain areas of the website (online shop) are only available to registered users. The data entered there fall under the data responsibility of Lavano GmbH, Lußhardtstraße 1, 76689 Karlsdorf-Neuthard, Germany, and are also stored there.

23. SMS and newsletter information service


Our website contains an option to subscribe to a newsletter free of charge. When signing up to the newsletter, the data in the input screen are sent to us.

  • E-mail address

In addition, the following data will be collected when signing up:

  • IP address of the accessing computer
  • Date and time of registration

Your consent to data processing is obtained and a reference to this privacy policy is made as part of the process of signing up.
Your data will not be passed on to third parties as part of data processing for sending you the newsletter. The data are used solely for sending out the newsletter.
The legal basis for data processing after the user signs up to a newsletter, provide the user has granted their consent, is Art. 6 para. 1 lit. a of the GDPR.
The legal basis for the sending of the newsletter following the purchase of goods or service is Art. 7 para. 3 of the German Act Against Unfair Competition (UWG).
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the newsletter subscription remains active.
The data subject may unsubscribe from the newsletter at any time. A corresponding link is included in every letter for exactly this purpose.



24. Contact form and e-mail contact

Our Internet site includes a contact form which can be used for electronic contact as well as personal contact via post or telephone. If the user opts to do so, the data entered in the input screen will be sent to us and stored.
This information is necessary for processing of queries and the input thus mandatory.

  • Surname, first name
  • E-mail address
  • Subject

The following information is optional, but required if we are to send you the requested documents, contact you by telephone to answer questions or they simply appear pertinent to the clarification of the query.

  • Address
  • Post code
  • Town/city
  • Telephone number
  • Country
  • File attachment

If you send us a file attachment, please ensure that you also possess the corresponding rights to the information contained.
Your consent to data processing is obtained and a reference to this privacy policy is made as part of the sending process.
Your data will not be passed on to third parties in this context. The data are used solely for processing the enquiry.
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data in the input screen of the contact form and those sent via e-mail, this is the case when the respective conversation with the user is over. The conversation is over when it can be inferred from the circumstances that the enquiry concerned has been closed.