Jobs Shop Search My account Shopping cart

Privacy policy

Byodo Naturkost GmbH, hereinafter referred to as “we”, respects your privacy and personal sphere. We therefore take the protection of your personal data, such as name, date of birth, address, e-mail address, telephone number, etc. very seriously. This data protection notice regulates the collection, processing and use of your personal data, if and to the extent that it is collected when you use our website. When handling this data, we act in strict compliance with the relevant statutory data protection regulations.

1. what is personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes data such as your real name, address, telephone number and date of birth. Information that cannot be directly linked to your real identity, such as preferred websites or the number of users of a site, is not considered personal data.

2. person responsible for data collection

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Byodo Naturkost GmbH
Leisederstrasse 2
D – 84453 Mühldorf
Phone: +49 (0) 8631/ 3629-0
Fax: +49 (0) 8631/ 3629-750

Any data subject can contact us or our data protection officer directly with any questions or suggestions regarding data protection.

The external data protection officer of the controller is

Alois Grob
Agotech IT-Systemhaus GmbH
Leisederstrasse 2
84453 Mühldorf a. Inn
Phone +49 8631 3629970

3. general information on data processing

First of all, we would like to inform you in general terms about the principles of data processing on our website.

3.1. Data erasure and storage duration

In principle, your data will be deleted as soon as the purpose for which it was collected has been fulfilled. We process your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations arising from the German Fiscal Code (AO) or other legal requirements.

3.2. Security of your data

The personal data provided by you will be processed in accordance with Art. Artt. 24, 32 GDPR in such a way that they are protected against access by unauthorized third parties.

3.3. Data transfer to third parties

We do not pass on any data to third parties without your consent, unless this is expressly permitted by law without your consent or is necessary due to a court or official request. Excluded from this is the transfer of personal data to service providers (e.g. payment service providers, logistics companies) that process personal data on our behalf. This is particularly the case for the fulfillment of contracts for the purpose of processing purchases via our online store.

4. provision of the website

Our website collects a range of general data and information each time it is accessed. This general data and information is stored in the server log files. can be recorded;

(1) the browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrer),
(4) the sub-websites which are accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an Internet Protocol address (IP address),
(7) the Internet service provider of the accessing system and
(8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to

(1) to deliver the content of our website correctly,
(2) to optimize the content of our website and the advertising for it,
(3) to ensure the long-term functionality of our information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

We evaluate this collected data and information both statistically and with the aim of identifying security incidents and cyber attacks in order to increase data protection and data security in our company and ultimately to ensure an optimal level of protection for the personal data we process.

The anonymous data of the server log files are stored and statistically evaluated separately from all personal data provided by you. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after 60 days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

The legal basis for the processing of this technical data about you is our legitimate interest in the operation of our website, in increasing data security and detecting cyber attacks in accordance with. Art. 6 para. 1 lit. f GDPR.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

The anonymization of the data and subsequent statistical evaluation of the personal data is based on our legitimate interest in the continuous improvement of our website in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR.

5th Newsletter

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. The following data is also collected during registration:

  • IP address of the calling computer
  • Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. No data is passed on to third parties in connection with the data processing for sending newsletters. Our newsletter is personalized using web beacons (so-called tracking pixels) to measure the opening rate. These are small graphics in HTML-based e-mails that enable the evaluation of a log file. This enables us to evaluate which content is of particular interest to you in the future and take this into account when selecting future newsletters for you.

The legal basis for sending the newsletter and recording the opening rate is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you provide to us as part of the registration process for the newsletter.

We have commissioned the processor Sendinblue to send the newsletter. An order processing contract has been concluded with Sendinblue in accordance with Art. 28 GDPR to ensure that your personal data is processed in compliance with data protection regulations.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active and you do not revoke your consent.

You can cancel your subscription to the newsletter at any time by withdrawing your consent to the use of your personal data. For this purpose, you will find a corresponding link in every newsletter, which you can use to unsubscribe from the newsletter and thus revoke your consent. You can also send your revocation by e-mail to send.

6. contact form and e-mail contact

A contact form is available on our website, which can be used for both electronic and personal contact by post or telephone. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The following information is required to process the request and is therefore mandatory:

  • Surname, first name
  • E-mail address
  • Subject
  • Content of the message

You can also contact us at any time by e-mail, in which case we will process your e-mail address and the personal data contained in your message.

In both cases, your personal data is processed on the basis of our legitimate interest in responding to inquiries from customers and interested parties in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR. No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

7. application form

You have the opportunity to apply via an application form on our website. If you use this option, we will process your personal data that is required for the decision on the establishment of an employment relationship with you.

For the technical implementation we use the portal of Jobs bei Byodo Naturkost GmbH ( This service provider has been checked by us in accordance with the data protection regulations and contractually bound (commissioned data processing).

The personal data entered by you and documents uploaded to the portal are encrypted and transmitted in accordance with current technical possibilities. Please ensure that you only provide relevant information.

We only use the communication data you have entered to contact you.

After submitting and receiving your application, access is only granted to a relevant group of people (HR department, decision-makers) who are authorized to process it. If you have explicitly applied for an advertised position, but after the initial screening we determine that your potential may be better suited to another organizational unit, we will obtain your consent before forwarding your data to this other organizational unit for an application for a position in this organizational unit.

The data you provide will be stored for a maximum of six (6) months after the application has been processed, in accordance with legal requirements. If you withdraw your application, your data will be deleted immediately unless there are other legal obligations (e.g. § 61 para. 1 ArbGG in conjunction with § 15 AGG) to retain your data.

The legal basis for the processing of your data in the context of the application is that it is necessary for the decision on the establishment of a contractual relationship with you in accordance with Art. 6 para. 1 lit. f GDPR. § Section 26 para. 1 GDPR.

If your application is unsuccessful, we may include you in an applicant pool with the information you have provided in order to contact you for future vacancies. For this purpose, we will obtain your prior consent, which you can revoke at any time with effect for the future.

8. participation in events

On our website we advertise the events we offer, such as the end user panel. You can take part in these events by contacting us using the address details provided. If you wish to participate in the event, we will process your personal data in order to inform you about the details of your participation, to register you for the event and to enable you to participate.

Insofar as the event is a paid event, we process your personal data on the basis of Art. 6 para. 1 lit. b GDPR for the purposes of fulfilling the contract concluded with you. In this case, we process your payment data to process the payment to be made by you.

If it is a free event, we process your personal data based on our legitimate interest in organizing the events, to increase customer loyalty and to improve and further develop our products (Art. 6 para. 1 lit. f GDPR).

In both cases, we delete your personal data as soon as storage is no longer required for the above-mentioned purposes and no statutory retention periods prevent deletion.

9. competitions and surveys

On our website we link to surveys and competitions that we conduct. As part of these campaigns, we collect your personal data and process it in order to carry out the survey and use it to improve our products and services and to enable your participation in the competition.

Insofar as we obtain consent when collecting your data, the legal basis for the processing of your personal data is this consent. In this case, the personal data will remain stored by us until the survey has been evaluated or the competition has been completed or you withdraw your consent. You can revoke your consent at any time in the manner specified in the form. In such a case, you will be excluded from any competitions and your data will be deleted immediately.

If we do not obtain your consent, we will process your personal data based on our legitimate interest to improve our products and customer loyalty and to carry out the action you have called up in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR. In this case, you have the option of objecting to the processing. Please contact our data protection officer at We process your personal data based on our legitimate interest until you object to the processing or the purposes of the processing have been achieved, i.e. the competition has been carried out or the survey has been evaluated. Your personal data will then be deleted or anonymized immediately.

10. cookies and third-party services used

The services that we use on our website for technical functionality and to improve the quality of our website are described below. We obtain the necessary consent for the use of the services and the data processing that takes place in this context via our cookie banner.

10.1. Cookies

Our website uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies are used to make our website more user-friendly, effective and secure.

Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your session. Other cookies remain stored on your end device until you delete them or the deletion period is reached. These cookies enable us to recognize your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are completely deactivated, the functionality of this website may be restricted.

Cookies that are absolutely necessary to carry out the electronic communication process or to provide certain functions you require (e.g. display of the website) are stored on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. a GDPR. 1 lit. f GDPR and due to the fact that the cookies are absolutely necessary for a function that you have expressly requested in accordance with. § 25 para.2 No. 2 of the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG).

In this respect, we have a legitimate interest in the storage of cookies for the technical provision of the services you have requested. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

10.2. Matomo

We use the web analysis service Matomo on our website in order to analyze the use of our website and to be able to regularly improve our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For this purpose, we set cookies to ensure the analysis function of the tool.

Your IP address is shortened by Matomo (e.g. and used for geolocalization in order to classify visitors to our website by region so that we can better plan our marketing campaigns. A direct inference to your person can therefore be excluded. The IP address transmitted by your browser is neither merged with other data collected by us nor passed on to third parties.

The processing of your personal data in the context of the use of Matomo and the setting of cookies is based on the consent you have given via the cookie banner in accordance with. Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. You can revoke this consent at any time with effect for the future by calling up our cookie banner again via the green/white icon with fingerprint at the bottom left of our website and changing your settings for the analysis tools.

If individual pages of our website are accessed after you have given your consent to data processing by Matomo, the following data will be stored:

  • IP address (masked 2 byte) of your calling system (e.g.
  • Browser type and version, screen resolution, set language, local time, operating system used
  • the number of pages and files you access on our website, the time spent on the website, the frequency with which you access the website, the number of actions,
  • Bounce rate, page generation time
  • the website from which you visit us (referrer URL) – unless your browser prohibits this
  • Device used (e.g. televisions, consoles, smartphones, desktops, etc.)
  • if applicable, the website you visit after our website (if you click on an external link on our website)
  • Date and time of your access.
  • No tracking cookies are placed on your computer as part of our web analysis. The Matomo software and the data collected using Matomo are operated, stored and processed exclusively on our own servers.
    The personal data will be deleted as soon as they are no longer required for the purposes for which they were originally collected.

10.3. Facebook Pixel

On our website, we use the so-called “Facebook pixel” (basic version) of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

By using the Facebook pixel, Facebook is able to determine you as a visitor to our online offer as a target group for the placement of advertisements (so-called “Facebook Ads and Instagram Ads”).

Based on the express consent of website visitors, we use the Facebook pixel to display the Facebook and Instagram ads placed by us only to those Facebook and Instagram users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”).

With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the interests of users and are not annoying.

The processing of data by Facebook takes place within the framework of Facebook’s data processing conditions. General information on the display of Facebook ads can be found in Facebook’s data usage policy:

Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section:

For the processing of data for which Facebook acts as a processor, we have concluded a data processing agreement with Facebook, according to which Facebook is obliged to protect our customers’ data and not to pass it on to third parties.

We are aware of the potential transfer of your personal data to an insecure third country in this context and have implemented appropriate safeguards in accordance with GDPR. Art. 46 GDPR to ensure the lawful and secure processing of your personal data.

We store your data for up to 180 days after your last interaction.

The legal basis for the processing of your personal data in the context of the Facebook pixel is your consent given in the cookie banner in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

You have the option at any time to revoke your consent to the use of Facebook Pixel with effect for the future by changing the cookie settings (accessible via the green, white icon with fingerprint at the bottom left of our website) and thus prevent the use of the tool and the processing of your data.You can also deactivate the collection of your data by the Facebook pixel and the use of your data to display Facebook ads in your Facebook account. To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook for this purpose and follow the instructions on the settings for usage-based advertising: The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

10.4. Social media management tool “Facelift”

We use the Facelift social media management tool from Facelift brand building technologies GmbH (Gerhofstr. 19, 20354 Hamburg) as part of the use of our social media channels. We use Facelift for the purposes of process optimization and support as well as digital marketing and customer support on our social media channels. By using Facelift, we are able to enrich and moderate our social media profiles in the Facebook, Instagram and Twitter/X networks with content. The use of Facelift requires the processing of personal data. Among other things, the following personal data may be processed by you:

  • Name
  • First name
  • Date of birth
  • Address
  • E-mail address
  • Telephone
  • User ID from social networks
  • Postings
  • Comments and news from social networks

The personal data collected from you in this way is processed by Facelift by way of order processing. Byodo has concluded a corresponding data processing agreement with Facelift in accordance with Art. Art. 28 GDPR to ensure the security and integrity of your personal data and compliance with data protection. Byodo does not transfer your personal data to third parties or to a (non-EU) third country.

We base the use of the Facelift social media management tool on your consent in accordance with Art. Art. 6 para. 1 lit. a GDPR . Your consent is voluntary and you can revoke it at any time. To do this, you must adjust your consent settings.

Your data will only be stored for as long as is necessary to fulfill the original purpose for which it was collected. We will delete your personal data once the original purpose for which it was collected no longer applies. This is not the case if deletion is excluded due to statutory retention periods to which Byodo is subject.

10.5. Google Maps

We use Google Maps on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

The processing of your personal data for the use of Google Maps and the forwarding of personal data to Google will only take place after you have given your consent to the processing via the cookie banner.

In addition, only the technically necessary data required to display the map (IP address, browser, time of access, etc.) is transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before calling up our dealer search for which we use Google Maps.

Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website.

Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

We are aware of the transfer of your personal data to an insecure third country and have implemented suitable guarantees in accordance with Art. 6 para. 1 lit. f GDPR. Art. 46 GDPR to ensure the lawful and secure processing of your personal data.

Further information on the purpose and scope of data collection and processing by Google can be found in Google’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy:

10.6. Web fonts from Adobe Typekit

This site uses so-called web fonts provided by Adobe Typekit for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Adobe Typekit servers. As a result, Adobe Typekit becomes aware that our website has been accessed via your IP address. The use of Adobe Typekit Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR and the legal basis for the processing of your personal data. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Adobe Typekit Web Fonts can be found at and in Adobe Typekit’s privacy policy:

11. your rights

You have the right to object to the processing of your personal data by us:

  • to receive information free of charge about the personal data we have stored about you and a copy of this data;
  • the right to rectification of inaccurate personal data concerning you;
  • the right to block or delete the personal data we process about you;
  • to object to the further use of your personal data in the future; and
  • to receive the personal data provided by you in a structured, commonly used and machine-readable format and to request that we transmit this personal data to another controller

We would like to point out that your rights may be restricted by statutory retention obligations and other statutory provisions to which we are subject.

You also have the right to lodge a complaint with the data protection supervisory authority responsible for us. The supervisory authority responsible for us is: Bayerische Landesamt für Datenaufsicht (BayLDA), Promenade 27 (Schloss), 91522 Ansbach Website:

12. external connections (link)

Websites linked on our website always open in a new window. By setting links, we provide access to the use of this content. We are not responsible for this content that can be accessed through the use of links, as we did not initiate the transmission of the information, did not select the addressee of the transmitted information and did not select or change the transmitted information. The operator (hosting, Mittwald CM Service GmbH & Co. KG) of our websites does not automatically store this information temporarily due to the selected access and linking method, so that we are not responsible for the data protection of this third-party content. However, when we first linked to these websites, we checked the third-party content to determine whether it might give rise to civil or criminal liability.

13. amendment of the privacy policy

This Privacy Policy may be revised over time as we add new services, add new features or implement new legal requirements. We reserve the right to amend this privacy policy at any time and to post the revised version on our website. The revised version will become effective at the time we post it on the site.