Privacy Policy for

This website collects personal data from its users.

This document can be printed for archival purposes using the "Print" command in the browser.

  1. Provider and Responsible Party

Johannes Vimalavong
Pfarrer-Vogt-Str. 10
37359 Küllstedt

Email address of the provider:

  1. General Information

We process your data only if you have consented to this (Art. 6 (1) (a) GDPR), we have a legitimate interest in processing (Art. 6 (1) (f) GDPR), we need it to fulfill the contract with you according to Art. 6 (1) (b) GDPR, or it is necessary to fulfill a legal obligation (Art. 6 (1) (c) GDPR), to provide you with the best possible shopping experience on our website. 

Specifically, this means that we process personal data in the following cases:

  • when you visit our website (Section IV)

  • when you set up a user account with us (Section V),

  • when you place an order with us (Section VI),

  • for data processing for the operation of our website and the handling of certain payment methods (Section VII),

  • for contacting us (Section VIII),

  • for advertising purposes (Section IX),

  • when we use cookies (Section X).

Should we wish to collect and process data from you beyond this, we will inform you separately before collection and processing, including the explanation of the legal basis, and if necessary, obtain your consent.

At no time do we process special categories of personal data (such as health data).

2.1 Detailed Information on Personal Data

Personal data refers to information about your person. In particular, we process the following personal data ("collectively referred to as "data"):

  • Your name, address, email address, gender, phone number, encrypted password for the customer account, and, if applicable, your date of birth,

  • Your order data, the products you have purchased, the services used, payment information, your preferences regarding product types,

  • Your data generated while using our online services,

  • Data we receive in certain cases from our service providers (e.g., from credit agencies or payment service providers),, 

  • Information regarding the initial interactions on our website (e.g., the date of your first registration),

  • Data on your behavior related to browsing on our website (e.g., clicking on a product),

  • Data on your behavior related to actions in our newsletter (e.g., clicking on a link in the newsletter),

  • Login data (date and time when you logged into our website).

  1. Data Processing When Visiting Our Website

When you visit our website, the provider of our website collects and stores the following information in so-called server log files, which your browser automatically transmits to us:

  • the IP address of your internet service provider,

  • the website from which you visit us and the websites you visit on our site,

  • information about the browser and operating system used,

  • if applicable, your email address that you use to log in to our website,

  • identification numbers that we store on your device. With these identification numbers, we can recognize your device on the website. Technically, these identification numbers are stored in so-called cookies or eTags.

This information is essential for the technical transmission of the website and the secure server operation. When you visit our website, we assign you an individual customer ID, which we only combine with your email address for forensic reasons if an error occurs on the website. The server log files are stored for 365 days and then deleted.

The processing is carried out according to Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

  1. Data Processing When Setting Up a User Account

The function to create a user account is deactivated on at the time of the validity of the privacy policy. As soon as this function is activated, you will find detailed information on data processing here.

  1. Data Processing for Order Fulfillment

When you place an order with us, the processing of your data is for the purpose of concluding and fulfilling the contract as well as handling your order, including payment and delivery. We delete your personal data processed in the context of orders no later than the expiry of statutory retention periods. The following data is collected:

  • First name

  • Last name

  • Street and house number

  • Additional address/company/c/o

  • Postal code

  • City

  • Country

  • Email address

This data is used to receive, process, and fulfill your order. The legal basis for this is Art. 6 (1) (b) GDPR. We store the information about your purchase in your customer account, so the storage duration specified there applies. If you do not have a customer account with us, your data will be processed for 3 years for the purposes mentioned here.

Additionally, we forward the necessary data to the shipping service provider chosen by you for the purpose of delivering the products so that we can deliver the desired products to you. To ensure the best and fastest possible delivery, we print your phone number on the shipping label in addition to your address data. This ensures that the person delivering the package can contact you if they do not find you immediately or have other difficulties with the delivery. This purpose also constitutes our legitimate interest, which justifies the associated data processing (Art. 6 (1) (f) GDPR).

5.1. Choice of Payment Method
After selecting the payment method, you will be asked for the data required to use the respective payment service provider. This payment information is directly forwarded to the respective payment service provider and is not stored by us. Further information on the offered payment methods can be found in our General Terms and Conditions (GTC).

5.2. PayPal

If you choose the payment method "PayPal (Braintree)", your personal data (first and last name, delivery address, email address, phone number, the amount to be paid, and IP address) will be transmitted to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, so that you can authorize the payment to us via PayPal. For this, you need a PayPal account. With this payment method, you can pay with one click without having to log in to PayPal with all your data for each purchase. Further information can be found at: The legal basis for this is Art. 6 (1) 1 lit. b GDPR.

5.3. Data Processing After Purchase for Advertising Purposes

Unless you object, we will use your email address and phone number after the purchase to send you advertising about our products, offers, or services via email. We use information about you, for example from previous purchases or surveys, to tailor the advertising to you. Additionally, we analyze certain usage data in these newsletters, such as clicked links, opened pages, etc. You can object to this use at any time. For more details, please refer to the explanations of your right to object below. The legal basis for this is Art. 6 (1) (f) GDPR. Our legitimate interest is to send you advertising and gain insights from your usage.

  1. Data Processing for the Operation of Our Website and Processing of Certain Payment Methods

6.1 Shopify

Your personal data will be transferred to Shopify International Limited, Victoria Buildings 1-2, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Your data may be transferred to and stored on Shopify's servers in the United States. The legal basis for such transfer is the European Commission's adequacy decision of July 10, 2023 (the so-called Privacy Shield) pursuant to Article 45 of the GDPR in conjunction with the EU Standard Contractual Clauses. Shopify is used to provide our online store and process your payments. Therefore, the legal basis is our legitimate interest under Article 6 (1) (f) GDPR or the performance of your contract under Article 6 (1) (b) GDPR. Depending on the processing activity, Shopify acts as our data processor or data controller.

For further information on data processing and data protection by Shopify, please refer to"

  1. Data Processing When Contacting Us

You have various options to contact us. You can reach our customer service:

  • by phone,

  • by postal mail,

  • by email, or

  • by contact form.; For this purpose, we use the external service provider Formspark, owned by Trampoline Software SRL. For more information on data processing and privacy, please visit:

To process your inquiry, we collect your name, email address, phone number, customer, order, and item numbers, as well as any other information you provide to us. The legal basis for this processing is Art. 6 (1) (b) GDPR (contract performance - processing the user's data is necessary for fulfilling the agreement regarding the response to inquiries or concerns) and Art. 6 (1) (f) GDPR (legitimate interests - based on our interest in handling inquiries from users of our website).

  1. Data Processing for Advertising Purposes

8.1 Newsletter

We use MailChimp as our newsletter provider to send our newsletter. MailChimp is offered by The Rocket Science Group, LLC, 512 Means St. Suite 404, Atlanta, GA 30318, USA (“MailChimp”). When you register for our newsletter, the data you provide during the registration process will be transferred to MailChimp and stored there. After registration, MailChimp will send you an email to confirm your registration ("double opt-in"). MailChimp provides extensive analysis capabilities for newsletter usage. These analyses are conducted on a group basis and are not used by us for individual evaluation.

For data transfer to the USA, we have established so-called standard data protection clauses with MailChimp. Upon request, you can receive a copy by contacting

For more information about MailChimp and data protection at MailChimp, please visit:

8.2 Participation in Contests

When you participate in contests, we only process data that is necessary for the execution of the contests. Please refer to the respective privacy notices in the terms and conditions of each contest.

8.3 Social Media

8.3.1 Facebook und Instagram

We operate pages (so-called "fan pages") on the social networks Facebook and Instagram jointly with Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”), to communicate with followers (such as our customers and interested parties) and to inform about our products, contests, and other promotions. You can view the agreement with Facebook here: In doing so, we may receive statistics from Facebook regarding the use of our fan pages (e.g., information about the number of users, names, interactions such as likes and comments, as well as aggregated demographic and other information or statistics). Further information on the type and scope of these statistics can be found in the Facebook Page Insights and additional information on respective responsibilities can be found in the Facebook Page Insights Supplement. The legal basis for this data processing is Art. 6 (1) (f) GDPR based on our aforementioned legitimate interest.

We do not have control over data processed independently by Facebook under Facebook's terms of use. However, we would like to point out that when visiting the fan pages, data about your usage behavior on Facebook and the fan pages is transmitted to Facebook. Facebook processes this information to create more detailed statistics and for its own market research and advertising purposes, over which we have no control. For more information, please refer to Facebook's Data Policy. If we receive your personal data in operating the fan pages, you have the rights mentioned in this privacy policy. If you wish to assert your rights against Facebook beyond this, you can most easily do so by contacting Facebook directly. Facebook has detailed knowledge of the technical operation of the platforms and the associated data processing, as well as the specific purposes of data processing, and can implement appropriate measures upon request when you exercise your rights. We are happy to support you in asserting your rights to the extent possible and will forward your inquiries to Facebook.

8.3.2 YouTube Kanal

We use the platform to upload our own videos and make them publicly accessible. YouTube is operated by a third party not affiliated with us, namely YouTube LLC operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

When you access our YouTube channel, your browser establishes a connection to YouTube and transmits information. Data collected by YouTube includes unique identifiers, browser type and settings, device type and settings, operating system, information about the mobile network such as the mobile service provider's name and phone number, and app version number. YouTube also collects data about interactions of your apps, browsers, and devices with its services. This includes, among other things, IP address, crash reports, system activities, as well as the date, time, and referrer URL of your request. In addition, YouTube collects data about your activities (e.g., search terms, videos viewed, etc.).

All data collected about you through our YouTube channel is processed by YouTube. Further details about the information YouTube receives and how it is used are described in the privacy policy available at

Additionally, we occasionally embed videos stored on YouTube directly on our website. When embedded, parts of a browser window display content from the YouTube website. However, YouTube videos are only accessed by separate clicking. This technique is also known as "framing". When you visit a (sub)page of our website where YouTube videos are embedded in this manner, a connection to YouTube servers is established, and the content is displayed on the website by notifying your browser. The embedding of YouTube content is done in "extended data protection mode". This mode is provided by YouTube itself and ensures that YouTube does not initially store cookies on your device. However, when you access the relevant pages, your IP address and other data (e.g., website from which the request originates (link), browser used) are transferred. This information cannot be attributed to you unless you are logged into YouTube or another Google service (e.g., Google+) before accessing the page or are permanently logged in. Once you start playback of an embedded video by clicking, YouTube only stores cookies on your device in the extended data protection mode that do not contain personally identifiable information, unless you are currently logged into a Google service. These cookies can be prevented by appropriate browser settings and extensions.

  1. Cookies

We use cookies on our website. Cookies are small text files that are transferred from an internet server to your browser and stored on your hard drive. There are session cookies that are deleted as soon as you close your browser, and there are permanent cookies that are stored on your device for a longer period or indefinitely.

Depending on the selection of cookies you choose, when you revisit the website with the same device, the information stored in the cookies is sent to our website or to another website to which the cookie belongs. This helps us optimize and display our website according to your preferences. You can manage your cookie preferences at any time under the "Cookie Settings" button.

In general, we distinguish between four different cookie categories:

1. Necessary Cookies 

enable essential functions and are necessary for the proper functioning of the website. For example, they ensure that you remain logged in as a registered user when accessing various subpages of our website, so you do not have to re-enter your login details each time you visit a new page. The legal basis for using strictly necessary cookies on our website is Art. 6 (1) lit. f) GDPR (legitimate interest, specifically in the technically flawless provision of our website and the services offered through it). The use of strictly necessary cookies is possible and permissible without your prior consent.

You can also visit our website without accepting strictly necessary cookies. If you do not want your computer to be recognized on your next visit, you can also refuse the use of cookies by changing the settings in your browser to "reject cookies." You can find the specific procedure in the user manual of your respective browser. However, if you refuse the use of cookies, there may be limitations in the use of certain areas of our website.

In addition, we use the following cookies, but only if you have given us your consent for their use: 

2. Functional Cookies 

enable our website to store information you have already entered (such as registered name) and provide you with enhanced and more personalized features. If you do not allow these cookies, some of these services may not function properly.

3. Analytic-Cookies 

allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used, and how visitors move around the website. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our website.

4. Marketing Cookies

may be set through our website by our advertising partners. They are used to gather information about the websites you visit and to present you with tailored advertisements. They do not directly store personal data but rely on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

9.1 Details of Individual Cookies

Our website uses cookies for "conversion tracking" when you click on an advertisement provided by Google. This is used to determine whether a visitor arrived on our website via a Google advertisement. Google employs cookies that are stored on your computer and enable an analysis of website usage. If you would like to learn more about these methods, click here:

For visually enhanced display of various information on our website, we use Google Webfonts ( These webfonts are transferred to the browser's cache when you visit the website to enable their display. If your browser does not support Google Webfonts or prevents access, the text will be displayed in a standard font. Data transmitted in connection with page views is sent to resource-specific domains such as or This data is not associated with any data collected or used in conjunction with the parallel use of authenticated Google services such as Gmail. You can configure your browser to block Google Fonts from being loaded (for example, by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or if you block access to Google servers, the text will be displayed in your system's standard font. For information on Google Webfonts privacy policy, visit:

We use cookies from Google Analytics, a web analytics service provided by Google, on our site. This allows us to associate data, sessions, and interactions across multiple devices with a pseudonymous user ID, enabling cross-device analysis of user activities. Google Analytics uses cookies to analyze your use of the website. If IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before transmission. We would like to point out that Google Analytics on this website has been extended to include IP anonymization (so-called IP masking) to ensure anonymous collection of IP addresses. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. For more information on terms of use and data protection, please visit On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website activity and internet usage to the website operator. The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 (1) lit. a) GDPR. The recipient of the data collected is Google. The data sent by us and linked to cookies, user identifiers (e.g., User-ID), or advertising IDs will be automatically deleted after 14 months. Data that has reached its retention period will be automatically deleted once a month. As with all cookies, you can revoke your consent at any time, see Section XI for details. In addition, you can prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by installing the opt-out browser add-on available at Opt-out cookies prevent the future collection of your data when visiting this website. To prevent data collection across different devices via Google Analytics, you must perform the opt-out on all systems used.


This website uses Google's remarketing function. The function is designed to show interest-based advertisements to website visitors within the Google advertising network. The technology enables us to display automatically generated, targeted advertising to you after your visit to our website. The ads are based on the products and services you clicked on during your last visit to our website. Google typically stores information such as your web request, IP address, browser type, browser language, date, and time of your request. This information is used to associate your web browser with a specific computer. On the pages of the Google advertising network, visitors may then be presented with advertisements that relate to content they have previously accessed on websites using Google's remarketing function. If you have agreed to Google linking your browsing history with your Google account and using information from your Google account for ad personalization at, the remarketing function will also operate across devices. Google collects your Google ID for the purpose of cross-device recognition. According to Google's own statements, they do not generally collect personal data during this process. For more information on how Google uses cookies, you can refer to Google's privacy policy.

Our website uses GA Audience, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: GA Audience). GA Audience uses cookies, which are stored on your computer and other mobile devices (e.g., smartphones, tablets, etc.), enabling analysis of the usage of these devices. The data is evaluated across devices in part. Google Audience thereby accesses cookies created within the scope of using Google AdWords and Google Analytics. For further information on data protection when using GA Audience, please refer to the following link:

9.1.6 Google Customer Match

We also use Google Customer Match by Google, which allows us to display interest-based advertising to visitors of our website based on their previous browsing behavior on our website and third-party websites, as well as in apps and emails. Google uses cookies or advertising IDs for this purpose. The relevant data may be transferred to servers in the USA and stored there. The legal basis for this is the adequacy decision of the European Commission dated July 10, 2023 (so-called Data Privacy Framework) pursuant to Art. 45 GDPR or Art. 49 para. 1(a) GDPR in conjunction with your consent. The legal basis for the processing of your data is your consent, Art. 6 para. 1 sentence 1(a) GDPR in conjunction with § 25 para. 1 TTDSG. This means that we do not use this service unless you have consented to its use. You can revoke your consent at any time with effect for the future, most easily through our consent manager. If you wish to opt out of receiving interest-based advertising through Google Customer Match, you can also do so via the following websites:; For more information on Google's privacy compliance, please visit: .

We use the provider YouTube to embed videos on our website. The videos have been embedded in extended data protection mode. However, like most websites, YouTube also uses cookies to collect information about visitors to their website. YouTube uses these cookies, among other things, to collect video statistics, prevent fraud, and improve their services. This also involves connecting to the Google DoubleClick network. Starting the video may trigger further data processing operations, over which we have no control. For more information about privacy at YouTube, please refer to their privacy policy at:


We use Facebook Custom Audiences with the so-called pixel function ("Facebook Pixel") and the server-side Conversion API of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") on our website to display interest-based advertising ("Facebook Ads") to you when visiting the social network Facebook or other Facebook-affiliated apps and websites, and to measure user behavior. The legal basis for processing your data is your consent, Art. 6 para. 1 S. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG. This means that we do not use these advertising tools unless you have consented to the use of Facebook Custom Audiences or Pixel. You can revoke your consent at any time with effect for the future, most easily through our consent manager. Furthermore, if you are logged into your Facebook account, you can also object to data processing using the following link:

After Facebook Pixels are integrated into our website, your browser automatically establishes a direct connection with Meta's servers so that web events from your browser can be transmitted to Meta via a server connection for advanced matching with the integrated Facebook Pixel. This allows Meta, for example, to receive information that you clicked on a specific ad or product on our website, enabling us to display ads to you based on your interests. Using the Facebook Pixel and API, we can also track the effectiveness of Facebook advertisements by determining whether users were redirected to our website after clicking on a Facebook ad and interacted with our products (so-called "conversion"). If you are registered with a Meta service, Meta can associate your website visit with your account. This is because your personal data, such as hashed email address, IP address, mobile advertiser ID, Facebook app user ID, Facebook page user ID, and your location ("personal data"), is transmitted to Meta in hashed form via the pixel and partly enriched with existing tracking data. Even if you are not registered with Facebook or not logged in, Meta may still obtain and use your personal data to create your profile. We also use the Facebook Remarketing tool Custom Audiences, which also utilizes the Facebook Pixel, to display interest-based advertisements during your visit to our website or other websites that also integrate the Facebook Pixel, aiming to make our website more appealing to you. The collected information is stored on Meta's servers, including those in the USA. Meta has stated that it adheres to a standard equivalent to the former EU-US Privacy Shield and has committed to complying with applicable data protection laws during international data transfers. Additionally, we have agreed to so-called Standard Contractual Clauses with Meta, aimed at ensuring an adequate level of data protection in third countries. Meta processes this data as our processor. Details on data processing can be found in Facebook's terms of use agreement: and in Facebook's privacy policy: . As far as personal data collected on our website and transmitted to Meta through the tool described here, we and Meta are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited to the collection of data and its transmission to Meta. The processing carried out by Meta after the transmission is not part of the joint responsibility. Our joint obligations have been documented in a joint processing agreement. You can find the wording of the agreement at: According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the privacy-compliant implementation of the tool on our website.

  1. Secure Data Transmission and Data Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees as well as service providers acting on our behalf are obligated to comply with applicable data protection laws.

Whenever we collect and process personal data, it is encrypted during transmission. This means that your data cannot be misused by third parties. Our security measures undergo continuous improvement, and our privacy policies are regularly updated and revised.

  1. Your Rights

You have the right to request information about, correct, delete, or restrict the processing of your stored data at any time. You also have the right to object to the processing of your data, as well as the right to data portability and the right to lodge a complaint in accordance with the requirements of data protection law.

  • Right to information:
    You can request information from us about whether and to what extent we process your data.

  • Right to rectification:
    If we process your data that is incomplete or incorrect, you can request at any time that we correct or complete it.

  • Right to erasure:
    You can request us to delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, for example, in the case of legally regulated retention obligations. Regardless of exercising your right to erasure, we will promptly and completely delete your data, unless there is a corresponding contractual or legal obligation to retain it.

  • Right to restriction of processing:
    You can request us to restrict the processing of your data if:

    • you dispute the accuracy of the data, for a period allowing us to verify the accuracy of the data,

    • the processing of the data is unlawful, but you oppose the deletion of the data and instead request a restriction on their use,

    • we no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims, or

    • you have objected to the processing of the data.

  • Right to data portability:
    You can request that we provide you with your data that you have provided to us in a structured, commonly used, and machine-readable format, and that you have the right to transmit this data to another controller without hindrance from us, provided that - we process this data based on your consent, which you can revoke, or for the performance of a contract between us, and - this processing is carried out by automated means. Where technically feasible, you can request us to transmit your data directly to another controller.

  • Right to object:
    If we process your data based on legitimate interests, you have the right to object to this processing at any time; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without providing a reason.

  • Right to lodge a complaint:
    If you believe that we are violating German or European data protection laws in processing your data, we ask that you contact us to clarify any questions. You also have the right to lodge a complaint with the relevant supervisory authority, the respective State Commissioner for Data Protection.

If you wish to exercise any of these rights against us, please contact us at We may request additional information to confirm your identity if necessary.

  1. Changes to this Privacy Policy

We reserve the right to make changes to this privacy policy at any time by informing users on this page and, if technically and legally feasible, by sending a notification through the contact details provided by the users on this website. Users are therefore advised to visit this page regularly and especially to check the date of the last modification indicated at the bottom of the page.

If changes affect data usage based on user consent, the provider will, if necessary, obtain new consent.

Effective Date: July 2024

place the


on your nightstand

Become part of the Baiosphere family!

By submitting this form, you consent to Baiosphere processing your data in accordance with the Privacy Policy. Your data will only be used to send you the newsletter. You can unsubscribe at any time by clicking on the link in the footer of our emails.

© Copyright 2024