Information how we use your data

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. This is exclusively information which does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the contents of websites requested by you and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

General information on data protection

Below you will find the data protection information for the website The person responsible for data processing via the named website is

BHI Biohealth International GmbH (hereinafter referred to as BHI)
Managing Director: Stefan Gebhardt
Heinrich-Wirth-Straße 13
D-95213 Münchberg/Germany

For the assertion of rights within the scope of data protection or if you have questions regarding the use, collection or processing of your personal data, please contact our data protection officer:

SBS Data Protect GmbH
Represented by the managing director Mr. Thilo Noack
Hans-Henny-Jahnn Weg 49
22085 Hamburg

Legal basis for the collection of personal data

The automatic collection and processing of personal data by the website may be based on different legal bases. These are among others:

1. Art. 6 para. 1 lit. a) GDPR – Consent
2. Article 6(1)(b) DPA – Contract
3. Article 6(1)(f) DPA – Balancing of interests

Data collection based on Art.6 para.1 sentence 1 letter f GDPR

The following types of data are collected due to legitimate interests:

IP address: Your IP address is truncated and cannot identify you directly.
Date and Time: We store the date and time of client requests sent to our server.
Time zone difference from Greenwich Mean Time (GMT): We use this information to determine your geographic location so we can track an attack.
Content of the page (requirements): We check the requirements you have for the page you are visiting and how long you stay on a page.
Access status/HTTP status code: We store and check (write) access to our systems.
Amount of data: We check the amount of data transmitted in each case.
Referrer links: We analyze websites that have led you to us.
Browser and device information: We store your browser version and the information of the device you use to visit our site.
Error log: We store failed attempts at logins to detect access by brute force attacks.

Further information is processed if there is a suspicion of an attack:
– Sessions
– Hits
– Files
– Items URL
– Client domains
– Browser review and logging of write accesses

These data are stored in log files (log files and/or error files). They are used for security analysis of our website. We evaluate this data in order to regularly optimise the security of our website. The data is automatically collected and stored when you visit

The data will be deleted after an evaluation. Usually after 60 days if no safety-related incidents are known. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in processing this data for IT security reasons in order to also comply with our obligations under Art. 32 GDPR.

Groups of persons concerned

Our website is aimed at all customers, employees, service providers, partners, applicants and other interested parties. We provide these groups of people with information about our contract manufacturing. BHI Biohealth International GmbH is a contract manufacturer for dietary supplements, dietary foods and powder mixtures. For this purpose, we optimise the production processes from product development to dispatch.

Security and protection of your personal data

The collection, storage, modification, transmission, blocking, deletion and use of your personal data is based on the applicable legal provisions, in particular the Basic Data Protection Regulation (GDPR).

We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

Storage duration

We store your personal data for as long as it is necessary to achieve the respective purpose of the processing or the storage is subject to a legal retention period.

Data that we process on the basis of your consent will be stored until you revoke your consent.

We store data that we process to execute a contract with you for as long as the contractual relationship exists and, if necessary, beyond that, if legal retention periods oblige us to do so.

Data that we process on the basis of our legitimate interests will be stored as long as your interest in deleting the data does not outweigh our own.

Use of cookies

In addition to the data mentioned above, cookies are stored on your computer when you use our website.

Through the use of cookies it is possible to send back personal information from your end device to our web server and process it. The processing can be done by BHI. Other providers that we use for the analysis of browser and visitor information may view this information. We use this information to help us design the website for you and to make our website more user-friendly. Cookies contribute to the continuous improvement of our website in terms of content and visuals.

You also have the possibility to use our website without cookies. Please note that well-known internet browsers such as Google Chrome, Mozilla Firefox and Microsoft Edge have settings where you can manage the cookies. You can deactivate stored cookies or delete them from the browser you are using. Each type of browser has a help function that describes how cookies are managed in the browser. Please note that disabling or deleting some cookies may cause display and function problems.

We distinguish four types of cookies:

  1. absolutely necessary cookies (type a)
  2. functional and performance cookies (type b)
  3. cookies requiring consent (type c)
  4. management and deletion of all cookies

Essential cookies (type a)

Absolutely necessary cookies guarantee functions without which you cannot use our websites as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies is returned to our website. The use of absolutely necessary cookies on our website is possible without your consent. You have the possibility to manage the cookies in your browser settings at any time.

Functional and performance cookies (type b)

For this purpose, we use functional cookies in order to be able to analyse visitor behaviour on our website. These cookies help us to determine, for example, whether and which sub-pages of our website are visited and what content the users are particularly interested in. Specifically, we record in particular the number of times a page is accessed, the number of sub-pages called up, the time spent on our website, the sequence of pages visited, which search terms led you to us, the country, region and, if applicable, the city from which the access is made, as well as the proportion of mobile devices that access our website. As a result, we can tailor the content of our website more specifically to the needs of our users and optimise our offering. The IP address of your computer, which is transmitted for technical reasons, is automatically anonymised and does not allow us to draw conclusions about the individual user. You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

Legal basis: Art. 6 (1) f GDPR

Cookies requiring consent (type c)

Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.

You can also manage cookies used for online advertising through tools developed in many countries as part of self-regulatory programs, such as, based in the United States, or, based in the EU.

In addition, you can set your Internet browser so that the storage of cookies is generally prevented on your end device or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can also delete them at any time. How all this works in detail can be found in the help function of your browser.

Use of social media plug-ins

We currently use social media plugins to communicate with target groups. When a page is called up, visitor and browser data is transmitted to the respective plug-in provider. We would like to point out that we can only provide information on personal data within the scope of our activities. In this context, there is a joint responsibility with the BHI and the respective plug-in providers for processing your data in accordance with Art. 26 GDPR.

Google Maps

On our website the functions of Google Maps are integrated. This enables us to display interactive maps directly on the website and makes it easy for you to use the map function.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, and to exercise this right you must contact Google.

Information about your rights and settings to protect your privacy: .

Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, .

This data processing is carried out on the basis of Art. 6 Para. 1 S.1 lit. f GDPR in order to safeguard the legitimate interests of BHI, namely the optimisation of our offer.

Further information about data processing by Google can be found in the Google privacy policy. We have concluded a contract with Google Maps on joint responsibility (Art. 26 GDPR). You can read this in the data protection centre and also change your personal data protection settings.

Receiver / transmission

By visiting our website, Google receives information that you have called up the corresponding subpage of our website. This is done regardless of whether or not you have a Google Account as a visitor.

Storage duration

We do not collect any personal data through the integration of Google Maps. Google may store and process your data for other purposes. This may result in different retention periods.

Use of our social media pages

Facebook fan page

BHI uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter: Facebook) for the information service offered here. The website also contains a link to the Facebook fan page of BHI.

According to the ECJ, there is a joint responsibility within the meaning of Article 26 GDPR between Facebook and the operator of a Facebook fan page for the personal data processed via the Facebook fan page. For this reason, Facebook and BHI have concluded a joint responsibility agreement.

BHI provides you with the following information on data processing on our Facebook fan page:

Responsible persons

The processing of your personal data on BHI’s Facebook fan page is carried out under the joint responsibility of

Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland

Data processing

When accessing a Facebook fan page, the IP address of your device is transmitted to Facebook. According to Facebook, this IP address is anonymized and deleted after 90 days, at least if it is a German IP address. In addition, Facebook stores further information about the end devices of its users, e.g. the Internet browser used. If necessary, Facebook is thus able to assign IP addresses to individual users. If you are logged in to your Facebook account while visiting our fan page, a cookie with your Facebook identification is stored on your end device. Based on this cookie, Facebook can track that you have visited our fan page and how you have used it. Facebook uses this information to provide you with content or advertising tailored to your needs.

If you do not want this, you should log out of your Facebook account or deactivate the “stay logged in” function. We also recommend that you delete the cookies on your device and close and restart your browser. This process will delete Facebook information that allows Facebook to link to you.

However, if you want to use the interactive functions of our fan page, you would have to log in to Facebook again with your Facebook login information. This will also allow Facebook to link to you again.

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us. In this respect, we can only refer you as a user of our fan page to Facebook’s statements on data protection.

The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union.

What information Facebook receives and how it uses it is described in general terms in Facebook’s data use guidelines. There you will also find information about how to contact Facebook and about the settings for advertisements. The Data Use Guidelines are available at the following link:

The complete Facebook data guidelines can be found here:

The Facebook privacy policy contains further information on data processing:

Possibilities of objection (so-called opt-out) can be set here: and here

Facebook Inc, the US parent company of Facebook Ireland Ltd. is certified under the EU-U.S. Privacy Shield and is thus committed to comply with European data protection law. Further information on Facebook’s privacy shield status can be found here: .

The transfer and further processing of personal data of users to third countries, such as the USA, as well as the associated possible risks for you as a user cannot be assessed by us as the operator of the Facebook fan page.

Legal basis of the Facebook fan page and its operation: Art. 6 para. 1 p.1 lit f GDPR

Storage duration

We store the information transmitted by Facebook at most for as long as your interest in deletion or anonymization does not outweigh the information you provide.

If you no longer wish to receive the data processing described here in the future, please remove the link between your user profile and our fan page by using the functions “I no longer like this page” and/or “Do not subscribe to this page”.

Your rights as a data subject

We recommend that you address any requests for information or other questions regarding your rights, which are listed at the end of this privacy policy, directly to Facebook, as only Facebook has full access to the user data. Should you nevertheless address your request to us, it will of course still be processed and additionally forwarded to Facebook.


We run a Twitter account. The features of this site are provided by Twitter, Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our pages with Twitter plug-ins, a connection is established between your browser and the servers of Twitter. Data is already being transferred to Twitter. If you have a Twitter account, this data can be linked to it. Interactions, especially clicking a “Re-Tweet” button, are also passed on to Twitter. You can find out more at: Legal basis Art. 6 para. 1 p.1 lit f GDPR

Inquiries via contact forms and e-mail

If you contact us by e-mail, the information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.

The data you provide, such as first name, last name, company, e-mail address, telephone number, function, country and, if applicable, personal information, will be stored by us to answer your questions.

Please note that all information is voluntary. You can also contact us in another way. The person concerned is free to decide which data is transmitted to us. This data may include the following information, for example:

– Personal Information
– Information on the social and professional situation
– Information for the financial situation
– Information on the state of health
– Information about personal interests and preferences

We delete the data arising in this connection after storage is no longer necessary, e.g. when your request has been dealt with. Otherwise the processing will be restricted if there are legal obligations to retain data. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a, b and f GDPR.


Our newsletter from BHI contains news, offers and further information about our services for interested parties and customers. You do not need to register for our newsletter. We do not collect personalized information for the creation of our newsletter. We do not send it electronically to interested parties. All newsletters are public and can only be accessed on our website.

Collection of personal data upon conclusion of contract and payment

In the case of contractual relationships, the legal basis is the contract from Article 6 GDPR, which we have concluded with you. Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis for processing such requests. If you wish to make an enquiry via our website, it may be necessary for the conclusion of the contract to provide your personal data, which we need to process your enquiry.

In the context of an order we store the following personal data:

– Name,
– Address,
– Phone number,
– e-mail address,
– Possibly a different delivery address,
– Possibly an existing sales tax ID number
– Payment data.

We use this data exclusively for the purpose of implementing the contract and the communication with you that is necessary in this respect. This includes the initiation, the conclusion, the processing, the warranty as well as the reversal of the sales contract if necessary. The data will be stored by us until the complete execution of the sales contract. As far as commercial and fiscal retention periods (AO, HGB) exist, the duration of storage can be up to 10 years.

The recording and processing is carried out within the framework of the contract concluded between BHI and the customer in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. The legal basis for further storage for tax and commercial law reasons is the requirement by law according to Art. 6 Para. 1 S. 1 lit. c GDPR. The partial evaluation of contract data for controlling purposes is in the legitimate interest of BHI to be able to optimally position our company on the market in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

Application procedure

BHI collects and processes personal data from applicants in the course of contract preparation. Applicant data can be transmitted by post or e-mail. Applicant data will only be stored and processed in accordance with statutory data protection requirements.

Access to application documents is restricted to the employees involved in the process. Other persons are not allowed to view application documents. If an application is unsuccessful, the application documents are always deleted or returned to the applicant. However, BHI may retain the documents for a certain period of time in order to defend itself against any violation of the prohibition of discrimination under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG) in accordance with § 15 para. 4 AGG. Therefore, in case of a rejected application, application documents will be returned to the applicant after 2-3 months from receipt of the rejection or destroyed. The letter of application, which often contains sensitive information, is also part of the application documents. If the application is successful, the application documents are kept in the personnel file.

The legal basis for the processing of this data is §26 BDSG in conjunction with Art. 6 para. 1 sentence 1 lit. b GDPR.

Data transmissions

We will only pass on your personal data to third parties to the extent that this is necessary to implement the contract or to protect our legitimate interests. We also use external service providers (contract processors) for the execution of the contract. Separate commissioned data processing contracts have been concluded with these service providers to ensure the protection of your personal data.

  1. a) For the purpose of the so-called hosting of our server systems as well as the technical administration of the IT systems required for hosting, data of website visitors, customers or other interested parties of our offer may be processed by our external service company. These are log files. The data categories can be seen in the section above “Data collection based on Art.6 para.1 p.1 lit. f GDPR”.
  2. b) To process orders, the customer’s first name, surname, address, e-mail address, telephone number and payment data are forwarded to our external processing service provider.
  3. c) To execute the delivery, the first name, surname, address, e-mail address and telephone number of the customer will be forwarded to external shipping companies for the execution of the delivery.
  4. d) For the purpose of payment processing, the customer’s payment data, namely first name, surname, address, e-mail address, telephone number, date of birth, IBAN, BIC and IP address are forwarded to credit institutions or payment intermediaries, depending on the payment method you have chosen.
  5. e) In order to process our accounting, we pass on personal data, namely first name, surname, address, e-mail address and telephone number in connection with customer orders to our external accounting service provider.

The data transfer to the service providers mentioned under 9 a) – e) is carried out for the purpose of implementing the contractual relationship with you as a customer and to protect our legitimate interests. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b and lit. f GDPR.

Revocation of consent

If the processing of personal data is based on a granted consent, you have the right to revoke this consent at any time. Revocation of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent until revocation.

You can contact us at any time to exercise your right of revocation.

Your rights as a data subject

You have the right to receive information about your personal data stored by us at any time. You also have the right to correction, blocking or, apart from the prescribed data storage for business transactions, deletion of your personal data and data transfer. Please contact one of our contact persons for this purpose. You will find the contact details at the bottom.

In order to be able to take into account a blocking of data at any time, these data must be kept in a blocking file for control purposes. You can also request that the data be deleted, provided there is no legal obligation to archive it. If such an obligation exists, we will block your data upon request.

You can make changes or withdraw your consent by notifying us accordingly with effect for the future.

Notwithstanding the rights you have vis-à-vis us, you also have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you is in breach of the GDPR.

The supervisory authority to which the complaint has been submitted will inform you of the status and the results of the complaint, including the possibility of a judicial appeal under Art. 78 GDPR.

A list of all supervisory authorities can be found here:

We hope that this information has helped you to exercise your rights. If you would like more detailed information on the data protection regulations, we are at your disposal.

Changes to our privacy policy

We reserve the right to adapt this data protection declaration from time to time so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. The new data protection declaration then applies to your renewed visit.

Privacy policy for participants in our online surveys

  1. content of these notes
    We hereby inform you about your data processing within the scope of this survey. In addition, you will receive information that is legally required by the General Data Protection Regulation.
  1. responsible person and data protection officer
    Responsible person in the sense of the GDPR:
    BHI Biohealth International GmbH, Heinrich-Wirth-Straße 13, 95213 Münchberg, Germany
    Data Protection Officer: Thilo Noack, Contact:
  1. data and purposes of use
    Our mailing or newsletter contains a general link to the survey or a personalised link.
    Participation is voluntary and we will store your data with a personal reference.
  1. storage period
    The data for participation in the survey, i.e. the link to your email address, is only stored until the end of the complete survey (up to 12 months). We then anonymise it.
  1. data recipient
    We use external service providers for the survey, which is encrypted accordingly.
    Your data will not be transferred to or processed in countries outside the EU.
  1. legal basis
    The legal basis for the collection and use of your answers is the implementation of the legal relationship that arises between you and us with your participation in the online survey, Art. 6 para. 1 lit b) GDPR.
  1. documentation (electronic log files)
    As part of the technical processing of the online surveys, certain data is collected for technical reasons.
    When you call up an individual page of the online survey, our web servers record the IP address of your computer, the address (URL) of the page called up, the date and time of the call-up, any error messages and, if applicable, the operating system and browser software of your end device as well as the website from which you are visiting us in a log file as standard.
    We use the log file data exclusively to ensure the functionality of our services (e.g. error analysis, ensuring system security and protection against misuse) and delete it after 90 days. We do not link log file data to your name, email address or responses.
    Insofar as log file data qualify as personal data in individual cases, the legal basis for the processing of log file data is our legitimate interests (error analysis, ensuring system security and protection against misuse), Art. 6 para. 1 lit. f) GDPR.

You can find more information at

Questions on data protection

If you have any questions regarding data protection, please write us an e-mail or contact us in writing.

Status of the privacy policy: 15.01.21