Byodo Naturkost GmbH, hereinafter referred to as “we”, respects your privacy and personal sphere. We therefore take the protection of your personal data, such as name, date of birth, address, e-mail address, telephone number, etc. very seriously. This data protection notice regulates the collection, processing and use of your personal data, if and to the extent that it is collected when you use our website. When handling this data, we act in strict compliance with the relevant statutory data protection regulations.

Table of contents Data protection Website

1. What is personal data?
2. Person responsible for data collection
3. General information on data processing
   1. Data deletion
   2. Security of your data
   3. Data transfer to third parties
4. Provision of the website
5. Newsletter
6. Contact form and e-mail contact
7. Application form
8. Participation in events
9. Competitions and surveys
10. Cookies and third-party services used
    1. Cookies
    2. Matomo
    3. Facebook Pixel
    4. Social media management tool “Facelift”
    5. Google services
    6. Web fonts from Adobe Typekit
    7. Pinterest
    8. Bing Maps
    9. Microsoft Clarity
11. Your rights
12. External connections (link)
13. Changes to the privacy policy

1. what is personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes data such as your real name, address, telephone number and date of birth. Information that cannot be directly linked to your real identity, such as preferred websites or the number of users of a site, is not considered personal data.

2. person responsible for data collection

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Byodo Naturkost GmbH
Leisederstrasse 2
D – 84453 Mühldorf
Phone: +49 (0) 8631/ 3629-0
Fax: +49 (0) 8631/ 3629-750
Email: info@byodo.de
Web: www.byodo.de

Any data subject can contact us or our data protection officer directly with any questions or suggestions regarding data protection.

The external data protection officer of the controller is

Alois Grob
Agotech IT-Systemhaus GmbH
Leisederstrasse 2
84453 Mühldorf a. Inn
Phone +49 8631 3629970
Website www.agotech.de
E-Mail: datenschutz@byodo.de

3. general information on data processing

First of all, we would like to inform you in general terms about the principles of data processing on our website.

3.1. Data erasure and storage duration

In principle, your data will be deleted as soon as the purpose for which it was collected has been fulfilled. We process your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations arising from the German Fiscal Code (AO) or other legal requirements.

3.2. Security of your data

The personal data provided by you will be processed in accordance with Art. Artt. 24, 32 GDPR in such a way that they are protected against access by unauthorized third parties.

3.3. Data transfer to third parties

We do not pass on any data to third parties without your consent, unless this is expressly permitted by law without your consent or is necessary due to a court or official request. Excluded from this is the transfer of personal data to service providers (e.g. payment service providers, logistics companies) that process personal data on our behalf. This is particularly the case for the fulfillment of contracts for the purpose of processing purchases via our online store.

4. provision of the website

Our website collects a range of general data and information each time it is accessed. This general data and information is stored in the server log files. can be recorded;

(1) the browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system accesses our website (so-called referrer),
(4) the sub-websites which are accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an internet protocol address (IP address),
(7) the internet service provider of the accessing system and
(8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to

(1) to correctly deliver the contents of our website,
(2) to optimize the contents of our website and the advertising for it,
(3) to ensure the long-term functionality of our information technology systems and the technology of our website and
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

We evaluate this collected data and information both statistically and with the aim of identifying security incidents and cyber attacks in order to increase data protection and data security in our company and ultimately to ensure an optimal level of protection for the personal data we process.

The anonymous data of the server log files are stored and statistically evaluated separately from all personal data provided by you. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after 60 days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

The legal basis for the processing of this technical data about you is our legitimate interest in the operation of our website, in increasing data security and detecting cyber attacks in accordance with. Art. 6 para. 1 lit. f GDPR.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

The anonymization of the data and subsequent statistical evaluation of the personal data is based on our legitimate interest in the continuous improvement of our website in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR.

5th Newsletter

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. The following data is also collected during registration:

• IP address of the calling computer
• Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. No data is passed on to third parties in connection with the data processing for sending newsletters. Our newsletter is personalized using web beacons (so-called tracking pixels) to measure the opening rate. These are small graphics in HTML-based e-mails that enable the evaluation of a log file. This enables us to evaluate which content is of particular interest to you in the future and take this into account when selecting future newsletters for you.

The legal basis for sending the newsletter and recording the opening rate is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you provide to us as part of the registration process for the newsletter.

We have commissioned the processor Brevo (formerly Sendinblue, Köpenicker Straße 126, 10179 Berlin) to send the newsletter. An order processing contract has been concluded with Brevo in accordance with Art. 28 GDPR to ensure that your personal data is processed in compliance with data protection regulations.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active and you do not revoke your consent.

You can cancel your subscription to the newsletter at any time by withdrawing your consent to the use of your personal data. For this purpose, you will find a corresponding link in every newsletter, which you can use to unsubscribe from the newsletter and thus revoke your consent. You can also send your revocation by e-mail to send.

6. contact form and e-mail contact

A contact form is available on our website, which can be used for both electronic and personal contact by post or telephone. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. The following information is required to process the request and is therefore mandatory:

• Surname, first name
• E-mail address
• Subject
• Content of the message

You can also contact us at any time by e-mail, in which case we will process your e-mail address and the personal data contained in your message.

In both cases, your personal data is processed on the basis of our legitimate interest in responding to inquiries from customers and interested parties in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR. No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

7. application form

You have the opportunity to apply via an application form on our website. If you use this option, we will process your personal data that is required for the decision on the establishment of an employment relationship with you.

For the technical implementation we use the portal of Jobs bei Byodo Naturkost GmbH (personio.de). This service provider has been checked by us in accordance with the data protection regulations and contractually bound (commissioned data processing).

The personal data entered by you and documents uploaded to the portal are encrypted and transmitted in accordance with current technical possibilities. Please ensure that you only provide relevant information.

We only use the communication data you have entered to contact you.

After submitting and receiving your application, access is only granted to a relevant group of people (HR department, decision-makers) who are authorized to process it. If you have explicitly applied for an advertised position, but after the initial screening we determine that your potential may be better suited to another organizational unit, we will obtain your consent before forwarding your data to this other organizational unit for an application for a position in this organizational unit.

The data you provide will be stored for a maximum of six (6) months after the application has been processed, in accordance with legal requirements. If you withdraw your application, your data will be deleted immediately unless there are other legal obligations (e.g. § 61 para. 1 ArbGG in conjunction with § 15 AGG) to retain your data.

The legal basis for the processing of your data in the context of the application is that it is necessary for the decision on the establishment of a contractual relationship with you in accordance with Art. 6 para. 1 lit. f GDPR. § 26 BDSG Act.

If your application is unsuccessful, we may include you in an applicant pool with the information you have provided in order to contact you for future vacancies. For this purpose, we will obtain your prior consent, which you can revoke at any time with effect for the future.

8. participation in events

On our website we advertise the events we offer, such as the end user panel. You can take part in these events by contacting us using the address details provided. If you wish to participate in the event, we will process your personal data in order to inform you about the details of your participation, to register you for the event and to enable you to participate.

Insofar as the event is a paid event, we process your personal data on the basis of Art. 6 para. 1 lit. b GDPR for the purposes of fulfilling the contract concluded with you. In this case, we process your payment data to process the payment to be made by you.

If it is a free event, we process your personal data based on our legitimate interest in organizing the events, to increase customer loyalty and to improve and further develop our products (Art. 6 para. 1 lit. f GDPR).

In both cases, we delete your personal data as soon as storage is no longer required for the above-mentioned purposes and no statutory retention periods prevent deletion.

9. competitions and surveys

On our website we link to surveys and competitions that we conduct. As part of these campaigns, we collect your personal data and process it in order to carry out the survey and use it to improve our products and services and to enable your participation in the competition.

Insofar as we obtain consent when collecting your data, the legal basis for the processing of your personal data is this consent. In this case, the personal data will remain stored by us until the survey has been evaluated or the competition has been completed or you withdraw your consent. You can revoke your consent at any time in the manner specified in the form. In such a case, you will be excluded from any competitions and your data will be deleted immediately.

If we do not obtain your consent, we will process your personal data based on our legitimate interest to improve our products and customer loyalty and to carry out the action you have called up in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR. In this case, you have the option of objecting to the processing. Please contact our data protection officer at We process your personal data based on our legitimate interest until you object to the processing or the purposes of the processing have been achieved, i.e. the competition has been carried out or the survey has been evaluated. Your personal data will then be deleted or anonymized immediately.

10. cookies and third-party services used

The services that we use on our website for technical functionality and to improve the quality of our website are described below. We obtain the necessary consent for the use of the services and the data processing that takes place in this context via our cookie banner.

 

10.1. Cookies

Our website uses so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies are used to make our website more user-friendly, effective and secure.

Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your session. Other cookies remain stored on your end device until you delete them or the deletion period is reached. These cookies enable us to recognize your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are completely deactivated, the functionality of this website may be restricted.

Cookies that are absolutely necessary to carry out the electronic communication process or to provide certain functions you require (e.g. display of the website) are stored on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. a GDPR. 1 lit. f GDPR and due to the fact that the cookies are absolutely necessary for a function that you have expressly requested in accordance with. § 25 para.2 No. 2 of the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG).

In this respect, we have a legitimate interest in the storage of cookies for the technical provision of the services you have requested. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

 

10.2. Matomo

We use the web analysis service Matomo on our website in order to analyze the use of our website and to be able to regularly improve our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For this purpose, we set cookies to ensure the analysis function of the tool.

Your IP address is shortened by Matomo (e.g. 111.xxx.xxx.xxx) and used for geolocalization in order to classify visitors to our website by region so that we can better plan our marketing campaigns. A direct inference to your person can therefore be excluded. The IP address transmitted by your browser is neither merged with other data collected by us nor passed on to third parties.

The processing of your personal data in the context of the use of Matomo and the setting of cookies is based on the consent you have given via the cookie banner in accordance with. Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. You can revoke this consent at any time with effect for the future by calling up our cookie banner again via the green/white icon with fingerprint at the bottom left of our website and changing your settings for the analysis tools.

If individual pages of our website are accessed after you have given your consent to data processing by Matomo, the following data will be stored:

• IP address (masked 2 byte) of your calling system (e.g. 111.xxx.xxx.xxx)
• Browser type and version, screen resolution, set language, local time, operating system used
• the number of pages and files you access on our website, the time spent on the website, the frequency with which you access the website, the number of actions,
• Bounce rate, page generation time
• the website from which you visit us (referrer URL) – unless your browser prohibits this
• Device used (e.g. televisions, consoles, smartphones, desktops, etc.)
• if applicable, the website you visit after our website (if you click on an external link on our website)
• Date and time of your access.
• No tracking cookies are placed on your computer as part of our web analysis. The Matomo software and the data collected using Matomo are operated, stored and processed exclusively on our own servers.
  The personal data are deleted as soon as they are no longer required for the purposes for which they were originally collected.

 

10.3. Facebook Pixel

On our website, we use the so-called “Facebook pixel” (basic version) of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

By using the Facebook pixel, Facebook is able to determine you as a visitor to our online offer as a target group for the placement of advertisements (so-called “Facebook Ads and Instagram Ads”).

Based on the express consent of website visitors, we use the Facebook pixel to display the Facebook and Instagram ads placed by us only to those Facebook and Instagram users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”).

With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the interests of users and are not annoying.

The processing of data by Facebook takes place within the framework of Facebook’s data processing conditions. General information on the display of Facebook ads can be found in Facebook’s data usage policy: https://www.facebook.com/policy.php.

Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616.

For the processing of data for which Facebook acts as a processor, we have concluded a data processing agreement with Facebook, according to which Facebook is obliged to protect our customers’ data and not to pass it on to third parties.

We are aware of the potential transfer of your personal data to an insecure third country in this context and have implemented appropriate safeguards in accordance with GDPR. Art. 46 GDPR to ensure the lawful and secure processing of your personal data.

We store your data for up to 180 days after your last interaction.

The legal basis for the processing of your personal data in the context of the Facebook pixel is your consent given in the cookie banner in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

You have the option at any time to revoke your consent to the use of Facebook Pixel with effect for the future by changing the cookie settings (accessible via the green, white icon with fingerprint at the bottom left of our website) and thus prevent the use of the tool and the processing of your data.You can also deactivate the collection of your data by the Facebook pixel and the use of your data to display Facebook ads in your Facebook account. To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook for this purpose and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

 

10.4. Social media management tool “Facelift”

We use the Facelift social media management tool from Facelift brand building technologies GmbH (Gerhofstr. 19, 20354 Hamburg) as part of the use of our social media channels. We use Facelift for the purposes of process optimization and support as well as digital marketing and customer support on our social media channels. By using Facelift, we are able to enrich and moderate our social media profiles in the Facebook, Instagram and Twitter/X networks with content. The use of Facelift requires the processing of personal data. Among other things, the following personal data may be processed by you:

• Name
• First name
• Date of birth
• Address
• E-mail address
• Telephone
• User ID from social networks
• Postings
• Comments and news from social networks

The personal data collected from you in this way is processed by Facelift by way of order processing. Byodo has concluded a corresponding data processing agreement with Facelift in accordance with Art. Art. 28 GDPR to ensure the security and integrity of your personal data and compliance with data protection. Byodo does not transfer your personal data to third parties or to a (non-EU) third country.

We base the use of the Facelift social media management tool on your consent in accordance with Art. Art. 6 para. 1 lit. a GDPR . Your consent is voluntary and you can revoke it at any time. To do this, you must adjust your consent settings.

Your data will only be stored for as long as is necessary to fulfill the original purpose for which it was collected. We will delete your personal data once the original purpose for which it was collected no longer applies. This is not the case if deletion is excluded due to statutory retention periods to which Byodo is subject.

 

10.5. Google services

On our website we use several services of the US company Google Inc. (1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA), or Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which may process your personal data in the course of your use.

10.5.1. General information on third country transfers

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

10.5.2. Legal basis for data processing

For the Google services listed below, we either use the consent(s) you have given in the cookie banner (Art. 6 para. 1 lit. a GDPR) or base the processing on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR.

In the case of Google AdWords, the setting of the cookie is based on the consent you have given in the cookie consent banner in accordance with. Art. 6 para. 1 lit. a GDPR and Section 25 (1) TTDSG as the legal basis.

We process your personal data based on your consent for the use of:

• Google Ads
• Google Tag Manager
• Google Conversion Tracker
• Google Analytics 4+
• Google Maps

10.5.3. Google Ads

We have integrated Google Ads on this website. Google Ads is an internet advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network.

Google Ads allows an advertiser to define certain keywords in advance, which are used to display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed to relevant websites using an automatic algorithm and taking into account the previously defined keywords.

If a data subject reaches our website via a Google ad, a so-called conversion cookie is stored on the data subject’s IT system by Google. Cookies are small data packets that are stored either locally or on the server, but regularly on the respective end devices of the website visitors. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart from an online store system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a data subject who has reached our website via an AdWords ad has generated sales, i.e. completed or canceled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads ads, i.e. to determine the success or failure of the respective Ads ad and to optimize our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify the data subject. The conversion cookie is used to store personal information, such as the websites visited by the data subject. Each time our websites are visited, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

10.5.4. Google Tag Manager

By using Google Tag Manager, we are able to implement and manage tracking codes or conversion pixels on our website, for example. We use Google Tag Manager to ensure and improve the functionality as well as the process optimization and user-friendliness of our website.
When Google Tag Manager is used, data is collected on our website and passed on to the associated analysis tools. Google Tag Manager collects and transmits data about the use of individual tags. The processing of personal data cannot be ruled out.

10.5.5. Google Conversion Tracker

As part of the operation of our website and the use of Google Ads, we use Google Conversion Tracking. Google Conversion Tracking is used for the purposes of analysis, retargeting, marketing and advertising. This allows us to track which Google Ads ad the user has used to reach our website, which pages the user has visited on our website and whether a conversion has occurred in order to evaluate the effectiveness and user-friendliness of our Google Ads ad.

As part of the use of Google Conversion Tracking, an anonymous profile of the website visitors is created, which contains various data on the behavior and the visitor himself, whereby it cannot be ruled out that personal data will also be processed by you.

Google Analytics 4

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website.

Nature and purpose of processing

Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behavior is recorded in the form of “events”.

Events can be:

• Page views
• First visit to the website
• Start of the session
• Websites visited
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• internal search queries
• Interaction with videos
• File downloads
• Viewed/clicked ads
• Language setting

Also recorded:

• City
• Latitude (of the city)
• Longitude (of the city)
• Secondary version of the browser
• User agent string of the browser
• Minor version of the operating system
• Secondary version of the platform
• Screen resolution
• Date and time of the visit
• Your IP address (in abbreviated form)
• technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your Internet provider
• the referrer URL (via which website / via which advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Storage duration

The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month. Personal data is stored for as long as it is required to achieve the purposes for which it was originally collected.

10.5.6. Google Maps

We use Google Maps on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. Only the technically necessary data required to display the map (IP address, browser, time of access, etc.) is transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before calling up our dealer search for which we use Google Maps.

Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website.

Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

 

10.6. Web fonts from Adobe Typekit

This site uses so-called web fonts provided by Adobe Typekit for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Adobe Typekit servers. As a result, Adobe Typekit becomes aware that our website has been accessed via your IP address. The use of Adobe Typekit Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR and the legal basis for the processing of your personal data. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Adobe Typekit Web Fonts can be found at typekit.com and in Adobe Typekit’s privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html

 

10.7. Pinterest

On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page that contains such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options for protecting your privacy can be found in Pinterest’s privacy policy:
https://policy.pinterest.com/de/privacy-policy.

 

10.8. Bing Maps

On this website we use the offer. Bing Maps from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The purpose of the processing is also to show you packing stations and post offices in your vicinity as part of the ordering process.

The processing of your personal data for the use of Bing Maps and the forwarding of personal data to Microsoft will only take place after you have given your consent to the processing via the cookie banner. You can revoke this consent at any time with effect for the future by adjusting your cookie settings accordingly, which you can access at the bottom of our website.

In addition, only the technically necessary data required to display the map (IP address, browser, time of access, etc.) is transmitted. This occurs regardless of whether Microsoft provides a user account through which you are logged in or whether no user account exists. If you are logged in to Microsoft, your data is potentially assigned directly to your account. If you do not wish to be associated with your Microsoft profile, you must log out before consenting to the use of Bing Maps. The further use of your personal data by Microsoft, which takes place if you are logged in when you call up the Bing Map, is based on Microsoft’s data protection regulations.

We are aware of the transfer of your personal data to a third country and have implemented appropriate safeguards in accordance with GDPR. Art. 46 GDPR to ensure the lawful and secure processing of your personal data.

The personal data will be deleted as soon as further storage of the personal data is no longer necessary or we are obliged to delete the data due to statutory or legal orders.

 

10.9. Microsoft Clarity

Microsoft Clarity is a free web analytics tool that gives us insights into user behavior on our website. It collects anonymized data, such as clicks, mouse movements, scrolling behavior and heatmaps, to improve the user experience.
Your data is processed on the basis of our legitimate interest in optimizing our website in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in analyzing the user experience and improving our website accordingly.

• Microsoft Clarity collects the following data, among others:
• IP address (in anonymized form)
• Device information (e.g. browser, operating system)
• User behavior (e.g. clicks, scrolling, mouse movements)
• Session duration
• The IP addresses are usually anonymized by Microsoft Clarity, so that a direct assignment to the user is excluded.

The data collected by Microsoft Clarity is used exclusively by us and is not passed on to third parties unless there is a legal obligation to do so or this is necessary to fulfill our legal obligations. The data collected by Microsoft Clarity will only be stored for as long as is necessary for the stated purposes or as required by law.

 

11. your rights

You have the right to object to the processing of your personal data by us:

• to receive information free of charge about the personal data we have stored about you and a copy of this data;
• the right to rectification of inaccurate personal data concerning you;
• the right to block or delete the personal data we process about you;
• to object to the further use of your personal data in the future; and
• to receive the personal data provided by you in a structured, commonly used and machine-readable format and to request that we transmit this personal data to another controller

We would like to point out that your rights may be restricted by statutory retention obligations and other statutory provisions to which we are subject.

You also have the right to lodge a complaint with the data protection supervisory authority responsible for us. The supervisory authority responsible for us is: Bayerische Landesamt für Datenaufsicht (BayLDA), Promenade 27 (Schloss), 91522 Ansbach Website: https://www.lda.bayern.de/de/index.html

12. external connections (link)

Websites linked on our website always open in a new window. By setting links, we provide access to the use of this content. We are not responsible for this content that can be accessed through the use of links, as we did not initiate the transmission of the information, did not select the addressee of the transmitted information and did not select or change the transmitted information. This information is not automatically stored temporarily by the operator (hosting, Mittwald CM Service GmbH & Co. KG) of our websites due to the selected access and linking method, so that we are not responsible for the data protection of this third-party content. However, when we first linked to these websites, we checked the third-party content to determine whether it might give rise to civil or criminal liability.

We would like to point out that we use a whistleblower protection tool to enable secure and anonymous reporting of violations. The tool is provided by the external provider lawcode GmbH. Please note that a separate privacy policy applies to the use of the whistleblower protection tool, which you can view directly on the tool’s website: https://byodo.hintbox.de/privacy-system.

13. amendment of the privacy policy

This Privacy Policy may be revised over time as we add new services, add new features or implement new legal requirements. We reserve the right to amend this privacy policy at any time and to post the revised version on our website. The revised version will become effective at the time we post it on the site.

Table of contents further data protection for the webshop

1. User account and profile
2. Webshop
   1. Order process
   2. Use of payment service providers (PayPal, ApplePay, Klarna)
   3. Use of shipping and transportation service providers
   4. Forwarding goods
   5. Forwarding the e-mail address for shipment tracking
   6. Google Maps API
   7. Brevo
3. Surveys and competitions

1. user account and profile

You have the option of creating a user account on our website. The following personal data is collected for this purpose:

• Private customer or commercial customer
• Salutation
• First name
• Surname
• E-mail address
• password
• Address
• Telephone number (optional)

We process this personal data in order to grant you access to our user area and its functions and to reduce your workload for future orders.

We use profiles that we create from your purchasing and usage behavior so that we can base our strategic planning on customer wishes. These data collections do not result in any decisions that would be to your disadvantage.

The evaluations help us to optimize the relevance of our advertising efforts, to provide more targeted information about our company and our offers, to make better use of resources, to adapt our information offer in the best possible way and to make it more relevant. In our advertising measures, we are also primarily interested in protecting you as far as possible from unwanted advertising or advertising that is not in line with your interests.

When selecting the data, we focus on data that we have received from you with your consent or from business processes. This includes, for example, your previous purchases, the value of your previous purchases, the frequency with which you shop with us, the method (online, written or telephone order or in our store) and the reason for the purchase (advertising, campaigns, recommendations), your requests for information, information already sent to you or your reactions to corresponding advertising information in postal advertising or our newsletters, surveys and e-mail information.

Where this is technically and economically feasible, we separate the relevant data from your person, pseudonymize it and form groups (clusters) in which the individual information is merged prior to an evaluation in order to protect your interests.

In order to be able to take your personal interests into account in a targeted manner, we also use the purchasing and usage data listed above in the context of personal evaluations and create corresponding profiles for this purpose, the data content of which is individually tailored to your person and assigned to you.

We delete many profiles (selections) that we create after the advertising campaign has been completed.

The legal basis for the processing of your personal data as described above for the operation of the user account and the creation of the user profile is the consent expressly granted by you during registration in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by deleting your account under the options provided for this purpose or by contacting us with a corresponding request.

In principle, all personal data will be deleted from your user account and user profile as soon as you revoke your consent for data processing within the scope of the user account or delete your account.

2.webshop

We offer our goods for sale in our online store. This involves a large number of processing steps, which we will explain in detail below.

In principle, the data we collect from you in our web store will be deleted as soon as storage is no longer required for the purposes of contract processing and no statutory retention period prevents the deletion of the data.

 

2.1. Order process

We store all data that is entered during order processing. This includes

• Surname, first name
• Address
• Payment data
• E-mail address
• Telephone number (optional)

We process this personal data for the fulfillment of the contract in accordance with. Art. 6 para. 1 lit. b GDPR.

This data, which is absolutely necessary for delivery or order processing, is passed on to third party service providers.

 

2.2. Use of payment service providers (PayPal, ApplePay, Klarna)

We use functions from payment service providers and online payment systems for orders in our store. We want to make payment as simple as possible and minimize risks during payment processing.

The payment service providers we use provide their specialist services independently and do not fulfill the criterion of being bound by instructions. An order processing contract is therefore not necessary with the payment service provider in accordance with Art. 28 GDPR. The legal basis for data processing is acc. Art. 6 para. 1 lit. b GDPR, as the transfer to the payment service providers is necessary for the purpose of fulfilling the obligations under the purchase contract.

Mollie B.V. German office Luise-Ullrich-Straße 14, 80636 Munich is used for the summarized processing of payment services in accordance with Art. 26 para. 1 GDPR. You can read more information on data protection at Mollie B.V. here.

Payment service providers ensure the quality and integrity of the financial sector, for example by identifying, investigating, preventing and actively combating (attempted) criminal behavior, and meet the requirements of legal obligations.

On our website, we offer the option of choosing between different payment service providers. To pay with the service providers, you must have an account with the respective service provider. The processing of your personal data is subject to the data protection provisions of the payment service providers. We offer the following payment service providers on our website:

PayPal is offered by PayPal (Europe) S.à.r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg). Information on data protection at the provider can be found in the PayPal privacy policy.

ApplePay is offered by Apple Distribution International Ltd, Hollyhill Industrial Estate, Holyhill, Cork, Ireland. Information on data protection at the provider can be found in the ApplePay Security Statement and the Apple Privacy Notice.

Klarna is offered by Klarna Bank AB (publ), P.O. Box 900162 90492 Nuremberg. Information on data protection at the provider can be found in the Klarna data protection declaration.

 

2.3. Use of shipping and transportation service providers

For the delivery of the goods ordered by you, we use shipping service providers, usually Deutsche Post AG (DHL), which comply with the applicable statutory data protection and confidentiality regulations, etc.

We transmit your personal data (full name and verified address) to the shipping service provider for the purpose of delivering ordered goods. The transmission of personal data is necessary for the dispatch of the goods and thus for the processing of the contractual relationship in accordance with Art. 6 para. 1 lit. a GDPR. Art. 6 para. 1 lit. b GDPR.

 

2.4. Forwarding goods

If the goods you have ordered reach a size that cannot be shipped with normal parcel services (bulky goods), we will use a forwarding agent. The forwarding company usually requires a telephone number to coordinate the delivery date. In this case, we will send the telephone number you provide to the forwarding company.

Since a telephone number is not required in the input mask, we will contact you if you have not provided a telephone number. In this case, your contact data will be processed to contact you and the telephone number will be passed on in order to be able to provide the contractually guaranteed service and thus serves to fulfill the contract (Art. 6 para. 1 lit. b GDPR).

 

2.5. Forwarding the e-mail address for shipment tracking

For our parcel deliveries, we offer the option of shipment tracking via the shipping service provider commissioned by us. For this purpose, in addition to your address data for delivery, we transmit your e-mail address to the shipping service provider. The forwarding of the e-mail address is for a specific purpose (shipment tracking). It will not be forwarded to other recipients.

This transmission is based on your express consent. You can revoke this consent at any time with effect for the future by sending us an e-mail to this effect.

 

2.6. Google Maps API

Google Maps is integrated into our webshop via an API to enable address validation when you enter your delivery address. This function allows us to recognize and automatically correct incorrect entries at an early stage.

The legal basis is Art. 6 para. 1 lit. f GDPR, as it is in our legitimate interest to create a smooth shipping situation that minimizes or completely avoids incorrect deliveries.

In this processing, our cooperation with Google LLC is based on a joint controllership agreement pursuant to Art. 26 GDPR, which can be accessed here .

When an address (city, street, house no.) is verified, any cookie that is part of the verification is loaded with it. As this is often subject to change and is managed by the party providing the embedded content, we are unable to provide you with any additional information. To learn more, please visit https://policies.google.com/privacy.

3. surveys and competitions

On our website we link to surveys and competitions that we conduct. As part of these campaigns, we collect your personal data and process it in order to carry out your survey and use it to improve our products and services and to enable your participation in the competition.

Insofar as we obtain consent when collecting your data, the legal basis for the processing of your personal data is this consent. In this case, the personal data will remain stored by us until the survey has been evaluated or the competition has been completed or you withdraw your consent. In such a case, you will be excluded from the competitions and your data will be deleted immediately.

If we do not obtain your consent, we will process your personal data based on our legitimate interest to improve our products and customer loyalty and to carry out the action you have called up in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. f GDPR. In this case, you have the option of objecting to the processing. Please contact our data protection officer at the above address. Your personal data will then be deleted or anonymized immediately.

If you have a customer account with us, we can assign the personal data collected as part of the surveys to your account and use it to customize your user profile (see section 1).

 

Table of contents for further data protection on social media

1. Facebook
2. Instagram
3. Pinterest

1.Facebook

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information about our products and current special offers.

When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests.

As a rule, cookies are used on your end device for this purpose. Visitor behavior and user interests are stored in these cookies. This serves acc. Art. 6 para. 1 lit. f) GDPR to safeguard our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which predominate in the context of a balancing of interests.

We, Byodo Naturkost GmbH, use the technical platform and services of Meta Platforms Ireland Ltd, 4 Grand Canal quare Grand Canal Harbour, Dublin 2, Ireland for the information service offered here.

In this case, Art. 26 of the GDPR provides for special obligations for joint controllers. They must specify in a transparent agreement which of them fulfills which GDPR obligation. In particular, the responsibility with regard to the rights of the data subject and the information obligations pursuant to Articles 13 and 14 GDPR has been clarified.

For Facebook, see this link https://www.facebook.com/legal/terms/page_controller_addendum and our privacy policy. However, Facebook reserves the right to update the addendum from time to time. Of course, the content is non-negotiable, which deprives us as operators of the opportunity to intervene if the addition is unilaterally adapted by Facebook.

For the processing of your data by Meta Platforms Inc. (Facebook) when you visit our website, e.g. with the help of a checkbox, to obtain your consent (agreement) on the basis of Art. 6 para. 1 lit. a) GDPR for the data processing for the functions described below. The functions described will only be activated if you have explicitly and verifiably authorized them.

Of course, you can revoke your decision at any time.

We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided on this page on our website at www.byodo.de.

When you visit our Facebook page, Facebook records your IP address and other information collected by cookies on your PC. This information is used, among other things, to provide us as the operator of the Facebook pages with statistical information about the use of the Facebook page.

Facebook provides more information on this under the following link: http://de-de.facebook.com/help/pages/insights

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. What information Facebook receives and how it is used is described by Facebook in general terms in its data usage guidelines. There you will also find information on how to contact Facebook and the settings options for advertisements. The data usage guidelines are available at the following link: http://de-de.facebook.com/about/privacy

You can find Facebook’s complete data policy here: https://de-de.facebook.com/full_data_use_policy

How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses). Facebook also stores information about the end devices of its users (e.g. as part of the “login notification” function); Facebook may thus be able to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to understand that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to tailor content or advertising to you.

If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, Facebook information that can be used to directly identify you is deleted. This allows you to use our Facebook page without revealing your Facebook ID. When you access interactive functions on the site (like, comment, share, message, etc.), a Facebook login screen appears. After logging in, you will again be recognizable to Facebook as a specific user.

Information on how you can manage or delete information about you can be found on the following Facebook support pages: de-de.facebook.com/about/privacy

2.Instagram

When you activate the Instagram function (icon) on one of our pages, your browser automatically connects to Instagram’s servers. Data is sent to Instagram, stored and processed. And that’s regardless of whether you have an Instagram account or not. Instagram uses the same systems and technologies as Facebook. Your data will therefore be stored across all Meta Platforms Inc. across assigned companies (e.g. Facebook). Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of (Facebook) now Meta Platforms Inc. since 2012. based in Menlo Park, California.

Since Instagram has a connection to Facebook, we can also use the data collected for personalized advertising on Facebook. This means that only people who are genuinely interested in our products or services receive our advertisements.

Instagram also uses the collected data for measurement and analysis purposes. We are able to access anonymized summarized statistical data and thus have a greater insight into wishes and interests.

The data transmitted includes information about our website, your computer, purchases made, advertisements you see and how you use our website. The date and time of your interaction with Instagram will also be saved. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. It can be assumed that this is also the case with Instagram. Customer data includes, for example, name, address, telephone number and IP address. The above-mentioned “event data” is also transmitted. By “event data”, Facebook – and consequently Instagram – means data about your user behavior. It can also happen that contact data is combined with event data. The contact data collected is compared with the data Instagram already has about you.

The collected data is transmitted to Facebook via cookies that are set in the browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

Instagram shares the information it receives with companies that are part of Meta Platforms Inc. Integrated are e.g. Facebook as well as with external partners and with people you connect with worldwide. Data processing is carried out in compliance with our own data policy. For security reasons, among others, your data is distributed on servers all over the world.

Instagram (and Facebook) also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the lawfulness and security of data processing.

With the independent activation of the Instagram function via the icon, this is considered consent on the legal basis of data processing (Art. 6 para. 1 lit. a) GDPR).

Meta Platforms Inc. uses the following as the basis for data processing for recipients based in third countries (outside the European Union) or for data transfer there. (Instagram and Facebook) have standard contractual clauses approved by the EU Commission (Art. 46 (2) and (3) GDPR).

These clauses oblige Meta Platforms Inc to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission.

3.Pinterest

We have this account on which we exclusively share our recipe & product content to draw attention to our products and to give you the opportunity to like our content, save it to your boards and access our website via the individual posts or get in touch with us. Further information about our company and additional data protection information can be found on our website.

Every time you visit our Pinterest page, Pinterest collects, stores and uses visitor data.

As the operator of the Pinterest site, we have no interest in the collection and further processing of your individual personal data for analysis or marketing purposes. However, we also have no influence on this, as the collection and use of the data is carried out solely by Pinterest. Further information on our handling of personal data can be found in the privacy policy of the website above or contact us directly (datenschutz@byodo.de) on the subject.

The processing of personal data that we receive from users in the course of contacting us is carried out on the basis of the GDPR. Art. 6 para. 1 lit. f. GDPR and our legitimate interest in up-to-date information and interaction with our users and visitors. This data is deleted as soon as it loses its relevance to the contact.

 

Name and address of the person responsible

The joint controllers for the operation of our Pinterest page within the meaning of the General Data Protection Regulation and other data protection regulations are the:

Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA
and
Byodo Naturkost GmbH, Leisederstrasse 2, 84453 Mühldorf, Germany

Processing of personal data by Pinterest.

As soon as you access our Pinterest page, your browser establishes a connection to Pinterest and transmits information.

 

Cookies

Pinterest uses cookies or similar technologies to record log data. These are small text files that are sent from the user’s computer each time they visit Pinterest and are unique to the respective Pinterest account or browser. Pinterest uses session cookies (which are deleted when the browser is closed) or persistent cookies (which are stored until they are deleted by you as the user or by the browser). Pinterest, for example, uses cookies that save your language settings or other settings so that you do not have to set them every time you log in to Pinterest. Some of the cookies used by Pinterest are associated with your Pinterest account (including your personal information such as the email address provided), while other cookies are not.

 

Protocol data

When you use Pinterest, the Pinterest servers automatically store information (“log data”), such as the information that your browser automatically transmits when you visit a website or information that your mobile app automatically sends when you use it. This log data includes the IP address, the addresses of websites visited with integrated Pinterest functions, as well as the activities carried out on them (e.g. the “Remember me” button), search histories, browser type and settings, the date and time of your request, the way Pinterest is used and cookie and device data.

You can find more information on what types of information Pinterest collects in the log at https://policy.pinterest.com/en/technical-information-we-collect-when-you-use-our-service.

 

Device information

In addition to the log data, Pinterest also collects information about the device on which Pinterest is used. This includes device type, operating system, settings, unique device identifiers and crash data, which is useful for Pinterest when troubleshooting. Whether Pinterest uses all of this information or only some of it depends on the type of your device and its settings. For example, different types of information are available on different platforms (smartphone, PC, tablet, etc.).

All data collected about you via our Pinterest page is processed by Pinterest and may be transferred to countries outside the European Union. More information about the information Pinterest receives and how it is used is described in Pinterest’s privacy policy, which can be found at https://policy.pinterest.com/de/privacy-policy.

Please note that Pinterest may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse.

In what way Pinterest uses the data from the visit to the Pinterest page for its own purposes, to what extent activities on the Pinterest page are assigned to individual users, how long Pinterest stores this data and whether data from a visit to the Pinterest page is passed on to third parties is not conclusively and clearly stated by Pinterest and is therefore not known to us. All information on this can also be found in Pinterest’s privacy policy mentioned above.

 

Rights of Pinterest users

Further information about your rights under the GDPR can be found in the website’s privacy policy above.

Since only Pinterest has full access to user data, we recommend that you contact Pinterest directly if you wish to make requests for information or ask other questions about your rights as a user (e.g. right to deletion). If you need assistance with this or have any other questions, please contact us by e-mail at datenschutz@byodo.de or via the contact form.

 

Possibilities of objection

For information on how to contact Pinterest and how to take action regarding the data collected and processed by Pinterest, please refer to Pinterest’s privacy policy https://policy.pinterest.com/en/privacy-policy.

If you want to prevent Pinterest from being customized for you using information from websites or apps outside of Pinterest, you can find the relevant information here https://help.pinterest.com/de/articles/personalization-and-data and here https://www.pinterest.de/settings/.

You can also use the “Do not track” browser setting. You can find more information about how this affects the collection and use of non-Pinterest data here https://help.pinterest.com/de/articles/we-support-do-not-track.

You can find more information about Pinterest and other social networks and how you can protect your data (not just for young people) at www.youngdata.de.