Privacy Policy of PhytoLab

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, especially the European Data Protection Regulation (EU-GDPR) and any further privacy legislation to which we may be subject. This privacy statement provides comprehensive information on how the PhytoLab GmbH & Co. KG is processing your personal data as well as on the rights to which you are entitled as a data subject.

Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address.

Anonymous data is available if no personal reference to the individual/user can be made. 

Controller and data protection officer

PhytoLab GmbH & Co. KG
Dutendorfer Straße 5-7
91487 Vestenbergsgreuth

Tel.: +49 9163 88-216
Fax: +49 9163 88-349

Contact info of the data protection officer

Your rights as a data subject

Your rights as a data subject are set out in Articles 15 - 22 EU-GDPR, and include:

  • the right of access (Art. 15 EU-GDPR)
  • the right to deletion (Art. 17 EU-GDPR)
  • the right to rectification (Art. 16 EU-GDPR)
  • the right to data portability (Art. 20 EU-GDPR)
  • the right to restriction of data processing (Art. 18 EU-GDPR)
  • the right to contradict a data processing (art. 21 EU-GDPR)

To exercise these rights, please contact The same applies if you have any questions regarding data processing in our company or when you intend to withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority. 

Right to Contradiction

Concerning the right to contradiction, please consider the following:

If we should process your data for direct marketing purposes, you are entitled to contradiction against such processing anytime and without having to name any reason. That is also valid in case of a profiling if such is related to direct marketing.

If you declare to contradict a processing, we will terminate processing your data for such purposes. Notes of contradiction shall preferably be sent to

Should we process your data for reasons of prevailing interest, you are entitled to contradict such processing any time for reasons emerging from your specific situation. That is also valid for a profiling, if such is based on the underlying provisions.

We will then terminate processing your personal data, if not we can prove compelling reasons worth protection which we can base the processing on and which are outweighing your rights and freedoms or in case the processing is required to assert, implement or defend a legal claim.

Purposes and legal bases of data processing

The processing of your personal data complies with the provisions of the EU-GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 EU-GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include analyses for marketing purposes and direct marketing. (Answering contact requests).

Your consent also may constitute a legal basis for data processing. Whenever we should ask for your consent, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.

Processing of special categories of personal data within the meaning of Art. 9 I EU-GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.

Data transfers / Disclosure to third parties

We will only transfer your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the competent supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

Within our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.

In certain cases, service providers assist our specialist departments to fulfil their tasks (please see also the section on data transfers to third parties above). The required data protection contracts have been concluded with all service providers. 

Transfers of personal data to third countries  

A transfer of data to other countries (outside the EU/ European Economic Area) shall only take place if required for a contractual relationship, by law or if you have provided your consent for such a transfer. 

We will not transfer your personal data to service providers or group companies outside the EU/ EEA, if not you have provided your consent for such transfer and without having informed you hereon. Also in these cases, we have entered into the required data protection contracts.

Period of data storage

We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.

We may also retain data if you have consented hereto or in the event of any legal disputes and we use the evidence within the statutory limitation period which may last for up to thirty years. The regular statutory limitation period lasts for three years.

Secure transfer of data

We implement the appropriate technical and organisational security measures to ensure the optimum protection of your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. The measures are continuously reviewed in cooperation with security experts and adapted to current security standards.

The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website and always use current encryption. Concerning contact forms and job applications, our users are offered additional content encryption. It is solely us who can decrypt that data. You may use alternative communication channels (e.g. surface mail).

Obligation to provide data

A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of contractual and legal obligations. The same applies to the use of our website and the various functions it provides. In some cases, legal regulations require data to be collected or made available.

Please note that it will not be possible to process your request or execute the underlying contractual obligation without the respectively required information.

Data categories, sources and origin of data

The data we process is defined by the relevant context: it depends on whether, for example, you are just surfing our website or enter a request into our contact form, send us a job application or address a complaint.

Please note that from time to time we may also provide information for specific processing situations separately where appropriate, e.g. when you upload a job application or in case of a contact request.

We collect and process the following data when you visit our website:

  • Name of the Internet service provider
  • Information on the website from which you visited us
  • Web browser and operating system used
  • The IP address allocated by your Internet service provider 
  • Files requested, volume of data transferred, downloads/file export
  • Information on websites accessed on our site, including date and time
  • Host name requested and status code
  • For reasons of technical security (in particular concerning the prevention of attacks of our web server), this data is stored in accordance with Article 6 I 1 f EU-GDPR basing on our legitimate interest in operating our website technically safe and secure. Anonymization takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user. The data which has been anonymized in the mentioned way, is then stored for another 60 days. Error-logs, which are used to log faulty access-attempts are deleted after seven days. The latter are containing the IP-address and depending on the fault also the website in addition to the error-notification itself.

Concerning a contact request, we may process the following data:

  • Name, surname, 
  • Contact data
  • E-mail-address
  • Information on your wishes and interests

Concerning online job-applications we may process the following data:

  • Name, surname
  • e-mail-address
  • Cellular No.
  • Birthdate
  • Postal address (Rd, ZIP-code, municipality)
  • Country
  • Any further data you may additionally provide

Concerning virtual conferences/ video conferencing systems, we may process the following data:

  • E-mail-address
  • Telephone number
  • IP-Address
  • Information on your browser and operating system
  • Any further data you may eventually provide through chat functions, conference rooms or further functions.

Contact form / Contact via email (Article 6 I 1 a, b EU-GDPR)

Our website offers a contact form which may be used for contacting us electronically. If you contact us via the contact form. We process the data you provide in this course to contacting you and to respond to your wishes and requests.

Here, we comply with the principle of data minimization, as you only have to provide the information we objectively require to contact you, which is your email address and the message itself. Your IP-address will also be processed for technical and legal reasons. All possible further data may be provided on a voluntary basis (e.g. for responding to your requests more personally). 

If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request. If you should not provide the data marked as mandatory, we unfortunately may not be able to answer your request.

Virtual conferences/ Online-conferencing systems (Article 6 I 1 a, b, f EU-GDPR)

For purposes of communicating with us, you may eventually and either at your request or at ours, use online conferencing systems, which may provide for the option of transmitting video- and/ or voice signals. All providers of such systems we are involving at our request have been contracted properly as per requirements of the applying data protection laws. That does especially affect suppliers located outside the EU/ EEA, which may be used to processing personal data in this course and subject to their respective terms of use. Although we have implemented and are continuously updating technical and organizational measures for data protection concerning all conferencing systems we may use, we inform you that there may be a separate processing of such data be executed by the supplier, which is beyond our scope of control and in accordance with their respective terms of use. The respective terms of use and privacy statements shall be made reference to.

The processing of personal data in the course of virtual conferences/ online conferencing systems may be executed concerning a contractual relationship (in initiation), Art. 6 I 1 b EU-GDPR, respectively basing on our legitimate interest in effectively communicating, Art. 6 I 1 f EU-GDPR. A recording will not take place without your previous consent having been declared, Art. 6 I 1 a EU-GDPR. Your data is stored in this regard until the purpose of processing does no longer apply, you are requesting your data to be deleted or if you revoke your consent, if not we are legally obliged to further processing your data. To the extent we are using MS Teams, a service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA, your data may be transferred to a server of Microsoft in the USA – if you should this not wish to happen, we are prepared to offering you alternative means of communication (e.g. a telephone call).

Application portal (Art. 6, para. 1, lit. a, b EU-GDPR)

We are appreciating your interest being employed with our group of companies. We are aware of the importance of your personal data and will process the data you offer when filling our application form for purposes of effectively and correctly handling your application and for contacting you in this regard, only. Your data will not be transferred/ disclosed t third parties beyond the group company/ies (MB-Holding GmbH & Co. KG, Martin Bauer GmbH & Co. KG, PhytoLab GmbH & Co. KG, as well as Greuther Teeladen GmbH & Co. KG) you are applying at, if not you have granted your respective consent.

Filling our application form requires you to enter personal data. The principle of data minimization is complied with, here, as you are required to only enter the data we require to fully checking your application (CV), or which we are legally obliged to collect. Such mandatory information is clearly visible marked with an * (aterisk). As a technical requirement, as well as for legal reasons, we are processing your IP-address in addition.

Without this data, we unfortunately cannot check your application, which is why our application management system does not allow for an upload of application of incomplete forms. However, you may provide further information through our application form or your candidates´ profile in addition to the mandatory data. Should you decide to just submitting the information marked as mandatory, this will not have any negative effect on your application process.

For the best possible protection of your data and data confidentiality as well, we have implemented according security measures. Our application management system provides for the encrypted transfer of your application.

Your data is processed only for the purposes mentioned. Your candidates´ profile is subject to anonymization in the very moment you have not been logged in for a period of six consecutive months. Your application will be deleted as soon as the application process ends and the corresponding retention period has terminated – which is six months after you have received our decision at the latest.

You may revoke your consent anytime, without having to mention any reasons and with effect for the future by e-mail to or by surface-mail to MB-Holding GmbH & Co. KG, Personalabteilung, Dutendorfer STr. 5-7, 91487 Vestenbergsgreuth, Germany.

Automated decisions in individual cases 

We do not use fully automated processing to take decisions.

Cookies (Art. 6 I 1 f EU-GDPR / Art. 6 I 1 a EU-GDPR in case of consent) 

Our websites are using “cookies” for purposes of making it more user-friendly, effective and secure. Cookies are small text files that are placed on your device and stored by your browser (locally on your hard disk).

Depending on their individual nature, cookies may enable us to analyse how users use our websites so we can design the website content in accordance with the visitor’s needs or may allow us to measure the effectiveness of a particular ad and, for example, to place it based on the user's interests. The legal basis for our use of cookies to operate the website technically and secure is our legitimate interest herein, Art. 6 I 1 f EU-GDPR.

Most of the cookies we use are "session cookies", which will be automatically deleted after your visit. “Persistent cookies”, which are representing another category of cookies, are automatically deleted from your computer as soon as their individual period of validity has expired or upon deletion, which you may execute even beforehand of expiry.

Most web browsers automatically accept cookies. You may generally change your browser's settings to disable the automated accepting of cookie. Such, however, may influence the usability of our website in general or at least in regard of certain functions.

Additionally, we are using cookies which are allowing us to analyse how our users are browning our websites. That enables us to design our content according to our users´ interests. In Addition, cookies are enabling us to measure the effectiveness of a certain ad and to having it placed depending on, e.g., the respective user interests.

Cookies are stored on the users´ device and transferred to our website from this source. That enables you as a to fully control how cookies are used. By changing your browser-settings, you may deactivate or restrict the transfer of cookies. Moreover, you may delete cookies which have already been placed by changing the respective browser settings or by additional software. All current internet browsers are offering respective functions.

Please be aware, that deactivation cookies may lead to the effect that not all functions of our website may be used to the full extent any longer.

User profiles/ web tracking measures


On this website, technology from etracker GmbH ( is used to collect and save data for marketing and optimization purposes. Usage profiles can be created from this data under a pseudonym. Cookies may be used. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies enable recognition of the Internet browser.

The data collected with the etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The collection and storage of data can be objected to at any time with future effect.

Contradict the processing

Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc., 1600 Amphitheater, Parkway, Mountain View, CA 94043, USA. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the EU or in other contracting states of the Agreement on the EEA. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

We allow to mention, that Google Analytics has been expanded to include IP anonymization on this website in order to ensure the anonymized collection of IP addresses (so-called IP masking). The IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent cookies from being stored by setting your browser software accordingly; however, we allow to mention that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser add-on available under the following link. Download and install on. The current link is

Social Media Plugins implemented with Shariff

Plug-ins of the social network LinkedIn are used on our website. You can usually recognize the plug-ins by means of the social media logo. In order to guarantee data protection on our website, we only use these plug-ins together with the so-called “Shariff” two-click solution. This application prevents the plug-ins integrated on our website from transferring data to the respective provider when the page is accessed for the first time. Only if you activate the respective plug-in by clicking the respective button will a direct connection to the provider's server be established (consent). As soon as you activate the plug-in, the respective provider receives the information that you have visited our site with your IP address. If you are logged into your LinkedIn account at the same time, the provider can assign your visit to our website to your user account. Activating the plug-in constitutes consent within the meaning of Art. 6 I 1 a EU-GDPR. You can revoke this consent at any time with effect for the future. You can prevent the collection and processing of data by the social networks by setting your browser accordingly. If you do not want the social networks to assign the data collected via our website directly to your user profile, you must log out before visiting our website.

LinkedIn Plugin

Our website uses functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is provided the information that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We allow to mention that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by LinkedIn. The use of the LinkedIn plug-in is based on your consent, Art. 6 I 1 a EU-GDPR. We use the Shariff two-click solution mentioned above to obtain your consent to this processing. Otherwise, the corresponding data processing will not take place (see the explanations on social media plug-ins with Shariff). Further information on data processing at LinkedIn can be found in LinkedIn's data protection declaration at:

Links to other providers

Our website may contain links to the Internet sites of other parties. We may, however, not influence such content and do not accept any liability for such third-party content. The content of these pages is always within the sole responsibility of the third party offering the service or content.

All pages linked have been checked for potential legal violations and identifiable infringements before being linked. We are executing whatsoever legally required checks of content we are linking and will immediately respond to any notification on infringements by taking down the respective link(s).