Data Protection Statement

Data Protection Statement

Byodo Naturkost GmbH, hereinafter referred to as “we” for simplicity’s sake, has the utmost respect for your privacy. As such, we take the protection of your personal data, for example your name, date of birth, address, e-mail address, telephone no., etc., very seriously. This data protection notice regulates the collection, processing and use of your personal data, if and insofar as they are required for the use of our website. When handling these data, we adhere strictly to the pertinent statutory data protection regulations as well as the following principles.

By confirming your agreement with the data protection principles when using our websites, especially with regard to the placing of orders, subscription to our newsletter and filling in of our contact forms, you expressly consent to the use of your personal data and instruct us to do so in the manner prescribed by said data protection principles. The following data protection principles and the public directory (only available in German) describe in detail how we collect and use this information.

1. Data controller

The controller within the meaning of the General Data Protection Regulation and other national data protection legislation of the EU Member States as well as other data protection provisions is:

Byodo Naturkost GmbH
Leisederstrasse 2
84453 Mühldorf
Tel.: +49 (0)8631/ 3629-0
Fax.: +49 (0)8631/ 3629-750

For all data protection matters, please contact the data protection officer including sufficient information to allow your personal identification (e.g., name, e-mail address):

The controller’s data protection officer is:

Byodo Naturkost GmbH
Data Protection Officer
Leisederstrasse 2
84453 Mühldorf
Tel.: +49 (0)8631/ 3629-0
Fax.: +49 (0)8631/ 3629-750

2. Scope of data processing

We only save personal data to the extent necessary to provide a functional website as well as our content and services. Our users’ personal data are only processed for the performance of the offered services (for example for the provision of quotes and advice, execution of contracts, establishing contact and asking of follow-up questions) insofar as such processing is necessary. No personal data are collected automatically.
Our users’ personal data are only processed regularly with the user’s consent. An exception applies in such cases where it is not possible to obtain consent beforehand for reasons of fact and where statutory provisions permit data processing.

3. Legal basis for the processing of personal data

To the extent that we obtain the consent of the data subjects for personal data processing operations, the legal basis is Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR).
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6 para. 1 lit. b of the GDPR. This also applies to processing operations required to take steps prior to entering into a contract.
To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6 para. 1 lit. c of the GDPR.
The personal data of the contracting partner are generally collected in the scope of conclusion of a contract for the services offered in our online shop. Insofar as the processing of the data is required for conclusion of the contract, the permissive rule for the data processing is Art. 6 para. 1 lit. b of the GDPR. If the processing is necessary for the purposes of legitimate interests of our company or a third party, except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject, the legal basis for processing is Art. 6 para. 1 lit. f of the GDPR.

4. Duration of storage

As a matter of principle, the data are deleted as soon as the purpose for which they were collected no longer applies. To the extent necessary, we process your personal data for the entire duration of the business relationship (from initiation to conclusion and execution of a contract) and additionally in accordance with the legally prescribed storage and documentation requirements as per, for example, the German Fiscal Code (AO) and other statutory provisions.

5. Statistical evaluation

Log files are automatically stored on the web server when this page is visited. The data contained include:

  • Browser type and version
  • Operating system in use
  • Referrer URL
  • Host name of accessing computer
  • Time of server request

This information is all documented without any personal association or IP addresses and is used for statistical evaluation purposes only. The data are utilised to make our websites more user-friendly and improve the offering accordingly. The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f of the GDPR.
The collection of the data for provision of the website and the storage of said data in log files is absolutely essential for proper operation of the website. Therefore, there is no opt-out option available to the user.

6. Security of data

The personal data you make available are secured by technical and organisational security measures to ensure that they cannot be accessed by unauthorised third parties.

7. E-mail security

If you send us an e-mail, your e-mail address is employed exclusively for the subsequent correspondence with you. We would like to draw your attention to the fact that information sent unencrypted via e-mail can theoretically be viewed without authorisation. For this reason, we cannot provide a guarantee for the confidentiality of this data transfer. If you are sending particularly sensitive data or information, it is thus recommendable to do so by post.

8. Online Application & Applications via e-mail

If you would like to apply for a position advertised by us, this is primarily possible via our online applicant portal. If you are unable to use this option, you can submit your application by post. Please note that this method has a longer processing time.

If you wish to send us an e-mail with content requiring protection, e.g., a job application, we urgently recommend encrypting the attachments (CV, certificates, etc.) in order to prevent unauthorised attention and falsification occurring during the transfer. To this end, please contact the individual named in the respective job description.

9. Provision of data to third parties

We do not provide data to third parties without your consent unless this is also explicitly permitted by law or subject to a judicial or official ruling. In the scope of contract conclusions (online business), personal data are provided to service providers (e.g., delivery companies, logistics companies) for the proper execution of the contract.

10. Availability of data

In the scope of our business, you are required to make the personal data available which are required for the initiation and performance of said business and that we are legally required to collect. If you do not make these data available, we shall generally be forced to refuse conclusion or execution of the contract or may not be able to continue to execute an existing contract and have to terminate it accordingly.
However, you are not obliged to grant your consent to data processing concerning data which are not relevant and/or required by law or other regulations for the execution of the contract.

11. Changes to data protection regulations

These data protection principles may be revised over the course of time if we include additional service offerings and new functions or new legal requirements come into force. We reserve the right to change these data protection principles at any time and publish the revised version on our website. The revised function shall become valid at the time of its publishing on the site.

12. Cookies

Some of the Internet sites use ‘cookies’. Cookies do not damage your computer and do not contain viruses. Cookies help make our offering more user-friendly, efficient and safe. Cookies are small text files that are stored on your computer and saved by your browser.
The majority of the cookies we use are so-called ‘session cookies’. These are deleted automatically when you leave our website. Other cookies remain stored on your end device until you delete them. These cookies allow us to recognise your browser again if you visit in the future.
You can adjust the settings of your browser so that you are informed about the storage of cookies and cookies are only permitted in certain cases, cookies are excluded under specific conditions or entirely or all cookies are automatically deleted when you close your browser window. Disabling cookies can restrict the proper functioning of this website.
Cookies required for electronic communication and the provision of certain functions you wish to use (e.g., shopping basket function) are stored in accordance with the provisions of Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in the storage of cookies for the technically unimpaired and optimised provision of its services. Insofar as other cookies (e.g., cookies for the analysis of your surfing habits) are stored, they are treated specially in this data protection policy.

13. Matomo

We use the web analytics service Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. Cookie tracking is deactivated in the analysis tool. We classify the cookies we use as technically essential in accordance with Article 5(3) of Directive 2002/58/EC. Therefore, no consent is required for the use of cookies. The system processes the IP address in abbreviated form (e.g., which means that it is not possible to draw direct conclusions about a person. The IP address transmitted by your browser is neither merged with other data collected by us nor passed on to third parties.

If individual pages of our website are called up, the following data is stored:

  • IP address (masked 2 byte) of your calling system (e.g.
  • browser type and version, screen resolution, language set, local time, operating system used
  • the number of pages and files you access on our website, time spent on the website, frequency of your access to the website, number of actions, bounce rate, page generation time
  • the website from which you visit us (referrer URL)
  • if your browser does not prohibit this - device used (e.g. TV, consoles, smartphones, desktops, etc.)
  • If applicable, the website you visit after ours (when clicking on an external link on our website)
  • the date and time of your access.

As part of our web analysis, no tracking cookies are set on your your computer. The Matomo software and the data collected using Matomo are operated, stored and processed exclusively on our own servers.

14. Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of the Google Maps functions requires saving of your IP address. This information is generally sent to a Google server in the USA and saved there. The provider of this site has no influence on this data transmission. The use of maps is included in the interest of the appealing display of our online offering and making it easier to find the locations we refer to on the website. This constitutes a legitimate interest as defined by Art. 6 para. 1 lit. f of the GDPR.
Further information on the handling of user data can be found in Google’s data privacy policy at:

15. Facebook plug-ins (Like & Share buttons)

Our pages integrate plug-ins from the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plug-ins can be identified by the Facebook logo or the “Like” button on our page. An overview of the Facebook plug-ins can be found here:
If you visit our sites, the plug-in establishes a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our page using your IP address. You can link the contents of our pages to your Facebook profile by clicking the Facebook “Like” button when logged in to your Facebook account. This permits Facebook to associate the visit to our site with your user account. Please note that we as the provider of the pages have no knowledge of the contents of the data communicated and how they are used by Facebook. Further information can be found in Facebook’s data privacy policy at:
If you do not want Facebook to associate the visit to our site with your Facebook user account, please log out of your Facebook account.

16. Instagram plug-ins

The functions of the networking service Instagram are integrated in our sites. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This permits Instagram to associate the visit to our site with your user account. Please note that we as the provider of the pages have no knowledge of the contents of the data communicated and how they are used by Instagram.
Further information can be found in Instagram’s data privacy policy at:

17. Twitter plug-ins

The functions of the networking service Twitter are integrated in our sites. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The use of Twitter and the “Retweet” function allows websites you visit to be associated with your Twitter account and draws other users’ attention to them. Data are also communicated to Twitter at the same time. Please note that we as the provider of the pages have no knowledge of the contents of the data communicated and how they are used by Twitter. Further information can be found in Twitter’s data privacy policy at:
You can change your data protection settings for Twitter in your account settings at

18. Fonts from Adobe Typekit

This page uses ‘web fonts’ provided by Adobe Typekit for the standardised display of fonts. When you open a page, your browser loads the required fonts in your browser cache so as to be able to display the texts and fonts correctly.
For this purpose, the browser you use needs to connect to Adobe Typekit’s servers. This provides Adobe Typekit with the information that you have visited our website using your IP address. The Adobe Typekit fonts are employed in the interest of making the presentation of our online offers standardised and appealing. This constitutes a legitimate interest as defined by Art. 6 para. 1 lit. f of the GDPR.
If your browser does not support the special fonts, your computer will utilise a standard font. Further information on Adobe Typekit fonts can be found at and in Adobe Typekit’s data privacy policy:

19. Your right to information, verification, erasure and objection

You have the right to request information on the personal data we store concerning you personally free of charge. In addition, you also have the right to verify incorrect data, block specific data and demand the erasure of data in the legally prescribed cases. Furthermore, you have the right to object to the further use of your personal data at any time. We draw your attention to the fact that your right to erasure of your data may be restricted by statutory storage obligations that we are obliged to obey.
You may direct complaints to the Bavarian Data Protection Authority (BayLDA), Promenade 27 (Schloss), 91522 Ansbach, Germany.

20. External links

External links always open in a new window. Links allow us to provide an access for the use of this content (Art. 8 of the German Telemedia Act (Telemediengesetz)). We are not responsible for the content visited via the links as we have not initiated the information transfer, selected the recipient of the information or selected or changed the transferred information. The opening and linking methods selected by the operator (Hosting, GRZ IT Center Linz GmbH GmbH) of our websites do not temporarily cache this information automatically, so they also do not result in any responsibility or data protection obligations for us with regard to the third-party content. Nevertheless, we thoroughly check all third-party content the first time the links to such Internet offerings are included on our site so as to determine whether they might lead to possible civil or criminal law liability.

21. Customer and information pages

Certain areas of the website (online shop) are only available to registered users. The data entered there fall under the data responsibility of Lavano GmbH, Lußhardtstraße 1, 76689 Karlsdorf-Neuthard, Germany, and are also stored there.

22. SMS and newsletter information service


Our website contains an option to subscribe to a newsletter free of charge. When signing up to the newsletter, the data in the input screen are sent to us.

  • E-mail address

In addition, the following data will be collected when signing up:

  • IP address of the accessing computer
  • Date and time of registration

Your consent to data processing is obtained and a reference to this privacy policy is made as part of the process of signing up.
Your data will not be passed on to third parties as part of data processing for sending you the newsletter. The data are used solely for sending out the newsletter.
The legal basis for data processing after the user signs up to a newsletter, provide the user has granted their consent, is Art. 6 para. 1 lit. a of the GDPR.
The legal basis for the sending of the newsletter following the purchase of goods or service is Art. 7 para. 3 of the German Act Against Unfair Competition (UWG).
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored for as long as the newsletter subscription remains active.
The data subject may unsubscribe from the newsletter at any time. A corresponding link is included in every letter for exactly this purpose.



23. Contact form and e-mail contact

Our Internet site includes a contact form which can be used for electronic contact as well as personal contact via post or telephone. If the user opts to do so, the data entered in the input screen will be sent to us and stored.
This information is necessary for processing of queries and the input thus mandatory.

  • Surname, first name
  • E-mail address
  • Subject

The following information is optional, but required if we are to send you the requested documents, contact you by telephone to answer questions or they simply appear pertinent to the clarification of the query.

  • Address
  • Post code
  • Town/city
  • Telephone number
  • Country
  • File attachment

If you send us a file attachment, please ensure that you also possess the corresponding rights to the information contained.
Your consent to data processing is obtained and a reference to this privacy policy is made as part of the sending process.
Your data will not be passed on to third parties in this context. The data are used solely for processing the enquiry.
The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data in the input screen of the contact form and those sent via e-mail, this is the case when the respective conversation with the user is over. The conversation is over when it can be inferred from the circumstances that the enquiry concerned has been closed.