Innovation in Motion
B2B Service Portal

Pfeifer Holding GmbH

Data privacy statement

Valid from: MArch 2021

1. PREFACE

Regardless of whether you are a customer, interested party, applicant or visitor to our website: We, Pfeifer Holding GmbH (hereinafter: “Pfeifergroup”, “we”) take the protection of your personal data very seriously. But what does this mean specifically?

In the following, we provide you with an overview of what personal data of yours we collect and in what form we process it. Furthermore, you gain an overview of the rights to which you are entitled according to the applicable data privacy law. In addition, we state your contact person in case you have any further questions.

1.1 WHO ARE WE?

The Pfeifergroup is among the leading companies in the European timber industry. We practice our philosophy at eight locations in Austria, Germany and the Czech Republic: Passion for timber – dedication to working with coniferous wood.

As the controller as defined by the applicable data privacy laws, we,

Pfeifer Holding GmbH
Fabrikstraße 54
A-6460 Imst
E-mail: datenschutz@pfeifergroup.com
Telephone: +43 5412 6960 - 351

take all the measures required by the applicable data privacy law to ensure the protection of your personal data. For all questions regarding this data privacy statement, we kindly request that you contact our data privacy coordinator at datenschutz@pfeifergroup.com.

1.1.1 OUR COMPANIES IN GERMANY

The following companies of the Pfeifergroup in Germany have a data privacy officer who can be contacted in case of any questions about the data processing of these companies, at the following details.

Data privacy officer contact details

Dr. Jan Dröge
2B Advice GmbH
Joseph-Schumpeter-Allee 25
D-53227 Bonn
E-mail: pfeifergroup@2b-advice.com
Telephone: +49 228 926165 - 120

Pfeifer Holz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Pfeifer Holz Lauterbach GmbH
Am Hällstein 1
D-36341 Lauterbach

Pfeifer Holz Schlitz GmbH & Co KG
Bahnhofstraße 63
D-36110 Schlitz

Pfeifer Timber GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Euroblock Verpackungsholz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

1.1.2 OUR COMPANIES IN AUSTRIA AND THE CZECH REPUBLIC

It is possible to contact the data privacy coordinator for the companies listed below with their head office in Austria and the Czech Republic at the e-mail address datenschutz@pfeifergroup.com.

Pfeifer Holding GmbH (parent company)
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz GmbH & Co KG
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz s.r.o.
Chanovice 102
CZ-34101 Horažďovice

1.2 SCOPE OF APPLICABILITY OF THE DATA PRIVACY STATEMENT

Processing of personal data is understood by the law as activities such as the collecting, compiling, organisation, ordering, storing, modification or change, reading, accessing, use, disclosure through transmission, spreading or other form of provision, comparison or association, restricting, erasure or destruction of personal data.

Personal data is all information that relates to an identified or identified natural person.

This data privacy statement is about the personal data of customers, interested parties, applicants or visitors.

This data privacy statement applies to our websites pfeifergroup.com, karriere.pfeifergroup.com, pellets.pfeifergroup.com, euroblock.com and timbory.com.

1.3 WHAT PERSONAL DATA DO WE PROCESS?

We record your personal data if you enter into contact with us e.g. as an interested party or customer. This can come about, for example, if you are interested in our products, register for our online services, contact us through our communication channels, or use our products or services over the course of an existing business relationship.

We process the following types of personal data:

  • Details for personal identification 
    e.g. first name and surname, address details, e-mail address, telephone number, fax number
  • Order details
    e.g. customer number, order number, invoice details

  • Company-related details
    e.g. corporate name, department, position
  • Details about your online behaviour
    e.g. IP addresses, user name, details about your visits to our website, actions carried out on our websites and the access location

  • Information about your interests and wishes that you inform us of
    e.g. through our contact form or through other communication channels

  • Information about your professional history
    e.g. training, previous employers, other qualifications

as well as other information comparable with these data categories.

1.3.1 SENSITIVE DATA

Sensitive data, especially categories of personal data as defined by Art. 9 par. 1 GDPR such as information about religious or trade union affiliation, is not collected in this manner.

1.3.2 PERSONAL DATA OF MINORS

Personal data pertaining to children or minors is only collected if they register in the career portal or use or communication channels.

1.4 USE OF COOKIES

1.4.1 WHAT ARE COOKIES?

Cookies are files that are deposited by our website or by the customer portals on your computer while you are accessing the site. These files store information that make the use of this page more efficient. The following cookies are used on the homepages of the Pfeifergroup.

1.4.1.1 WEBSITE PFEIFERGROUP.COM

CookieScopeValidityTypeNameDescription
fe_typo_userwww.pfeifergroup.comSessionfunctionalBakehouse user IDStores the user session to be able to deliver the website correctly.
_pk_id.394.4826.pfeifergroup.com1 yeartrackingMatomoThis cookie is used by the Matomo software for the statistical evaluation of visitor accesses.
_pk_ses.394.4826.pfeifergroup.com1 hourtrackingMatomoStores an active session. If this cookie is present, the session of the current visit is less than 30 minutes old. The visitor number is increased in the cookie pk_id.
_fbp.pfeifergroup.com1 yeartrackingFacebookFacebook uses this cookie to appeal to users with personalised advertising.
_ga.pfeifergroup.com2 yearstrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analyics can identify returning users of this website and merge the data from earlier visits.
_gid.pfeifergroup.com1 daytrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analyics can identify returning users of this website and merge the data from earlier visits.
_gat_gtag_UA_28242516_1.pfeifergroup.com1 hourtrackingGoogle TrackingCertain data is only sent to Google Analytics a maximum of once per minute. As long as this cookie is placed, certain data transmissions are prevented.
_gat_UA-28242516-5.pfeifergroup.com1 hourtrackingGoogle TrackingCertain data is only sent to Google Analytics a maximum of once per minute. As long as this cookie is placed, certain data transmissions are prevented.
fr.facebook.com1 yeartrackingFacebookEncrypted Facebook and browser ID.
UserMatchHistory.linkedin.com1 monthtrackingLinkedInAllows advertising targeted to the user to be displayed.
lang.linkedin.comSessionperformanceStandard languageStores the standard language of the user.
lidc.linkedin.com1 daytrackingLinkedInIs used to forward the user to the required address.
bcookie.linkedin.com1 yeartrackingLinkedInStores the browser ID.
bscookie.www.linkedin.com1 yearfunctionalLinkedInStores a secure browser ID.
lissc.linkedin.com1 yeartrackingLinkedInIs used to track user behaviour.

1.4.1.2 WEBSITE KARRIERE.PFEIFERGROUP.COM

CookieScopeValidityTypeNameDescription
fe_typo_userkarriere.pfeifergroup.comSessionfunctionalBakehouse user IDStores the user session to be able to deliver the website correctly.
_pk_ses.922.bae9.karriere.pfeifergroup.com1 hourtrackingMatomoStores an active session. If this cookie is present, the session of the current visit is less than 30 minutes old. The visitor number is increased in the cookie pk_id.
_pk_id.922.bae9.karriere.pfeifergroup.com1 yeartrackingMatomoThis cookie is used by the Matomo software for the statistical evaluation of visitor accesses.

1.4.1.3 WEBSITE PELLETS.PFEIFERGROUP.COM

CookieURLValidityTypeNameDescription
fe_typo_userpellets.pfeifergroup.comSessionfunctionalBakehouse user IDStores the user session to be able to deliver the website correctly.
_pk_ses.902.1497.pellets.pfeifergroup.com1 hourtrackingMatomoStores an active session. If this cookie is present, the session of the current visit is less than 30 minutes old. The visitor number is increased in the cookie pk_id.
_ga.pfeifergroup.com2 yearstrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analyics can identify returning users of this website and merge the data from earlier visits.
_gid.pfeifergroup.com1 daytrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analyics can identify returning users of this website and merge the data from earlier visits.
_gat_gtag_UA_28242516_1.pfeifergroup.com1 hourtrackingGoogle TrackingCertain data is only sent to Google Analytics a maximum of once per minute. As long as this cookie is placed, certain data transmissions are prevented.
_gat_UA-28242516-5.pfeifergroup.com1 hourtrackingGoogle TrackingCertain data is only sent to Google Analytics a maximum of once per minute. As long as this cookie is placed, certain data transmissions are prevented.

1.4.1.4 WEBSITE EUROBLOCK.COM

CookieURLValidityTypeNameDescription
fe_typo_userwww.euroblock.comSessionfunctionalBakehouse User-IDStores the user session to be able to deliver the website correctly.
_pk_ses.406.952d.euroblock.com1 hourtrackingMatomoStores an active session. If this cookie is present, the session of the current visit is less than 30 minutes old. The visitor number is increased in the cookie pk_id.
_ga.euroblock.com2 yearetrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analytics can identify returning users of this website and merge the data from earlier visits.
_gid.euroblock.com1 daytrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analytics can identify returning users of this website and merge the data from earlier visits.
_gat_gtag_UA_28242516_2 .euroblock.com1 hourtrackingGoogle TrackingCertain data is only sent to Google Analytics a maximum of once per minute. As long as this cookie is placed, certain data transmissions are prevented.
_pk_id.406.952d.euroblock.com1 yeartrackingMatomoThis cookie is used by the Matomo software for the statistical evaluation of visitor accesses.

1.4.1.5 WEBSITE TIMBORY.COM

CookieURLValidityTypeNameDescription
fe_typo_userwww.timbory.comSessionfunctionalBakehouse user IDStores the user session to be able to deliver the website correctly.
_pk_ses.590.e987.timbory.com1 hourtrackingMatomoStores an active session. If this cookie is present, the session of the current visit is less than 30 minutes old. The visitor number is increased in the cookie pk_id.
_ga.timbory.com2 yearetrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analytics can identify returning users of this website and merge the data from earlier visits.
_gid.timbory.com1 daytrackingGoogle TrackingContains a randomly generated user ID. Based on this ID, Google Analytics can identify returning users of this website and merge the data from earlier visits.
_gat_UA -28242516-3.timbory.com1 hourtrackingGoogle TrackingCertain data is only sent to Google Analytics a maximum of once per minute. As long as this cookie is placed, certain data transmissions are prevented.
_pk_id.590.e987.timbory.com1 yeartrackingMatomoThis cookie is used by the Matomo software for statistical analysis.

1.4.2 GOOGLE ANALYTICS

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are deposited on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there. In case of the activation of IP anonymisation on this website, your IP address is abbreviated beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

It is only in exceptional cases that the full IP address is transmitted to a Google server in the USA and abbreviated there. Upon instruction of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide further services to the website operator associated with website and Internet use. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. You can find further information about the handling of user data by Google Analytics in the Google data privacy statement:

https://support.google.com/analytics/answer/6004245?hl=de

You can prevent the depositing of cookies through an appropriate setting of your browser software; however, we would like to point out that in this case you may not be able to use the full scope of functions of this website.

Furthermore, you can prevent the collection of the data generated by the cookie and relating to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Every user who does not agree to the storing and evaluation of their anonymised user data about their visit to our website can object to this storage and usage at any time. An anonymised use of the customer portal is not possible.

1.4.3 MATOMO

Our website uses functions of the web analysis services Google Analytics and Matomo. The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Matomo operates on servers of Cookis GmbH, 6460 Imst, Franz Xaver Rennstraße 4 (Bakehouse customers). Cookies are used for this that enable the analysis of the use of the website by its users. The generated information is transmitted to the server of the respective provider and stored there.

You can prevent this by setting up your browse so that no cookies are stored there. Your IP address is recorded but then immediately pseudonymised by erasing the last eight bit. This means that only rough localisation is still possible.

The data processing is on the basis of the legal provisions of § 96 par. 3 TKG (Telecommunications Act), as well as Art. 6 par. 1 line a (consent) of the GDPR.

As the privacy of our users is important to us, the user data is pseudonymised.

1.4.4 HOTJAR

This website uses Hotjar, a web analysis tool. It makes anonymous recordings of interactions of randomly selected, individual visitors to the Internet site. This results in a logging of e.g. mouse movements and clicks, with the aim of showing potential for improvement of the respective Internet page. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin, as well as the resolution and type of device is evaluated for statistical purposes. This information is not personally attributable and is not passed on to third parties by Hotjar.

If you do not wish data processing by Hotjar, you can deactivate the use of cookies in your web browser settings and delete already active cookies.

Through the use of the header “Do not track”, you can decline the collection of your data by Hotjar at any time when visiting a Hotjar website. You can find out how this works through click here.

You can find out more about data processing by Hotjar here.

1.4.5 FACEBOOK

Within our online offer, the so-called “Facebook Pixel” of the social network Facebook is used, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Irland (“Facebook“).

If a user clicks on an advertisement we have placed that is displayed on Facebook, an add-on is added to the URL of our linked website through Facebook Pixel. If our page allows the sharing of data with Facebook through Pixel, this URL parameter is entered into the browser of the user via a cookie that our linked page places itself. This cookie is then read by Facebook Pixel and allows the data to be passed on to Facebook.

With the help of the Facebook Pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook Ads”). We use the Facebook Pixel accordingly to show the Facebook ads we have placed only to those Facebook users who have shown an interest in our online offer or who have certain traits (e.g. interests in certain themes or products determined by the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not bothersome. This allows us to continue evaluating the effectiveness of the Facebook advertisements for statistical and market research purposes, by tracking whether users were forwarded to our website after clicking on a Facebook advertisement (so-called “conversion”).

The collected data is anonymous for us and so we cannot determine the identity of the users. However, the data is stored and processed by Facebook, so that a link to the respective user profile is possible and Facebook can use the data for their own advertising purposes, in accordance with the Facebook data usage guideline (https://www.facebook.com/about/privacy/). The data can allow Facebook and their partners to place advertisements on and outside of Facebook.

At https://www.facebook.com/ads/website_custom_audiences/ you can decline the placement of advertisements by Facebook and their partners and revise settings.

The data processing associated with the use of the Facebook Pixel is on the basis of your consent to the evaluation, optimisation and economic operation of our online offer and our advertising measures.

The information generated by Facebook is as a rule conveyed to a Facebook server and stored there, with a possible transmission to the servers of Facebook Inc. in the USA. Therefore, the EU standard contract clauses were concluded with Facebook Inc. based in the USA that ensure compliance with the data protection standards applicable in the EU.

1.4.6 LINKEDIN

The LinkedIn Insight Tag is a small JavaScript code excerpt that you can add to your website to enable detailed campaign reports and gain valuable information about the visitors to your website. As a customer of LinkedIn Marketing Solutions, you can use the LinkedIn Insight Tag to track conversions, carry out retargeting of your website visitors and gain additional information about the members who look at your advertisements.

The LinkedIn Insight Tag enables the collection of data about visits to your website, including ZRL, referrer URL, IP address, device and browser properties (user agent), as well as time stamp. The IP addresses are shortened or (if they are used to reach members across different devices) hashed. The direct identifiers of the members are removed within seven days to pseudonymise the data. The remaining pseudonymised data is then erased within 180 days.

LinkedIn does not share any personal data with the owner of the website but only offers reports (in which you are not identified) about the website target group and campaign success. LinkedIn also offers a retargeting for website visitors, so that the owner of the website can display targeted advertising outside of their website with the help of this data without the member being identified. We also use data that does not identify you to improve the relevance of advertisements and to reach members across different devices. Members of LinkedIn can control the use of their personal data for advertising purposes through their account settings.

1.4.7 GOOGLE TAG MANAGER

This website uses the Google Tag Manager. Google Tag Manager is a solution with which marketers can manage website tags through an interface. The tool itself (that implements the tags) is a domain without cookies and does not store any personal data. The tool ensures the triggering of other tags that may collect data on their part. Google Tag Manager does not access this data. If a deactivation was carried out on a domain or cookie level, this continues to apply to all tracking tags that are implemented with Google Tag Manager.

Recipient: Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contract clauses were concluded with this service provider as suitable guarantees in accordance with Art. 46 GDPR. Further information about this is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

The legal basis is your consent to this data processing.

1.4.8 MICROSOFT DYNAMICS

Contact information is stored in a structured manner through the website (contact forms) or through direct contact with sales staff. All enquiries received through the website are checked in accordance with data privacy (double opt-in procedure).

On the one hand, this information is used in newsletter campaigns. Depending on the contact interest, customer segments are generated and specific online marketing materials are displayed to them. For each of these e-mails, an opt-out link is provided. This leads to a contact profile in which the contact can define their communication preferences. The success of the newsletter campaigns is measured by means of click rates.

On the other hand, Dynamics 365 is used to assign data from contact enquiries through the website to a responsible salesperson. The latter is then able to view this data via an app and make contact with the interested party.

The salesperson can also save trade fair contact directly in this app to ensure a structured follow-up.

1.5 WHY WE PROCESS YOUR PERSONAL DATA – AND ON WHAT LEGAL BASIS?

1.5.1 ON THE BASIS OF YOUR CONSENT

If you have consented to the processing of your personal data for one or more specific purposes, the processing of your data by us is permissible (Art. 6 par. 1 line a GDPR). You can withdraw this consent at any time in relation to the future (Art. 7 par. 3 GDPR), without incurring for yourself other than the transmission costs according to the basic tariffs (costs of your Internet connection). The withdrawal of your consent does not affect the legitimacy of processing that took place up until the revocation.

1.5.1.1 NEWSLETTER

You have the possibility to subscribe to our newsletter through our website. To do so, we need your e-mail address and your declaration that you agree to receiving the newsletter. To provide you with targeted information, we also collect and process voluntarily given details such as browser language and name.

As soon as you have subscribed to the newsletter, we send you a confirmation e-mail with a link to confirm the registration.

You can cancel the newsletter subscription at any time. Please send your cancellation to the following e-mail address. We then erase your data immediately in relation to the newsletter mailing.

1.5.2 CONTRACT FULFILMENT

We process your data to be able to fulfil our contracts (according to Art. 6 par. 1 line b GDPR). This also applies to details that you provide us with as part of precontractual correspondence. The concrete purposes of the data processing depend on the respective product and the request made and can also be used to analyse your requirements and evaluate which products and services are suitable for you. To carry out the contractual relationship (precontractual measures and concluding the purchase contract), we need your name, your address, your telephone number and e-mail address so that we can contact you.

1.5.2.1. OFFERING GOODS AND SERVICES

We also need your personal data to evaluate whether and which products and services we can and may offer you (precontractual measures for putting together an offer).

You can view details of the respective purposes of the data processing in the contract documents and our General Terms and Conditions, as well as this data privacy statement.

1.5.2.2. CARRYING OUT THE APPLICATION PROCEDURE

We process your data that you have sent to us as part of your application, to check whether your subject qualifications are suitable for the advertised position. We only use your information for the application procedure and keep it in your personnel file when concluding a contract. If no appointment is made, your information is erased or destroyed, unless you give your consent to it being stored in the applicant database. We will not use your applicant information for any other purpose than for carrying out the application procedure.

1.5.3. DUE TO LEGAL REGULATIONS OR IN THE PUBLIC INTEREST

As a company, we are subject to a range of legal regulations. To meet our legal obligations, we process your personal data insofar as is necessary according to Art. 6 par.1 line c GDPR.

1.5.4 WE IMPROVE OUR SERVICES AND OFFER YOU SUITABLE PRODUCTS

1.5.4.1 DATA PROCESSING AND ANALYSIS FOR MARKETING PURPOSES

Your requirements are important to us and we try to provide you with information about products and services that are precisely tailored to you. To do so, we use the knowledge gained from our joint business relationship as well as from our market research and process your personal data for this purpose on the basis of our legitimate interest (Art. 6 par. 1 line f GDPR). The key aim of this is to adapt our product suggestions to your requirements. With regard to this, we guarantee that we always process the data in accordance with the applicable data privacy law. Important: You can object at any time to the use of your personal data for this purpose (Art. 21 GDPR).

What do we analyse and process concretely?

  • Results of our marketing campaigns to assess their efficiency and relevance;
  • information regarding your visits to our website;
  • we analyse the potential demand for our products and services.

1.5.4.2 MEASURES FOR YOUR SAFETY

We use your personal data in the following cases, among others:

  • We analyse your data to protect you or your company against fraudulent activities. This can happen e.g. if you have become a victim of identity theft or unauthorised persons have gained access to your user account through other means;
  • to improve the reliability of our web applications, our IT support works closely with you in case of technical problems. In relation to this, we also evaluate logging of page call-ups, actions carried out etc.;
  • to be able to ensure IT security;
  • in case of possible legal disputes to be able to assess and verify issues.

1.6 WHERE WE TRANSMIT DATA TO AND WHY

1.6.1 DATA USAGE WITHIN THE PFEIFERGROUP

Within the Pfeifergroup, access to your personal data is only granted to staff who need it to fulfil our contractual or legal obligations or to uphold our legitimate interests. For this reason, we have taken corresponding measures to ensure compliance with data privacy within the Pfeifergroup:

we have concluded respective contracts with the individual subsidiaries that ensure that personal data that is exchanged within the corporation is always protected.

In accordance with these agreements and the applicable data privacy law, we only transmit personal data to our production and sales subsidiaries for the purposes stated in this data privacy statement. We support our subsidiaries both operatively and in complying with the technical and organisational measures that we also apply at the parent company (Pfeifer Holding GmbH) to ensure the safety of your personal data. If possible, we protect your data through pseudonymisation or anonymisation measures. If subsidiaries are located outside of the EEA, we ensure through appropriate measures that the personal data processed there is protected equally to within the EEA.

1.6.2 DATA USAGE OUTSIDE OF THE PFEIFERGROUP

We pay attention to protecting your personal data and only pass on information about you if legal regulations make it mandatory, you have consented or it is necessary to fulfil contractual obligations.

For the following recipients, for example, there may be a legal obligation to pass on you personal data:

  • public offices or supervisory authorities, e.g. tax offices, customs authorities;
  • judicial and law enforcement authorities, e.g. police, courts, department of public prosecution;
  • solicitors or notaries, e.g. for legal disputes;
  • auditors.

In order to fulfil our contractual obligations, we cooperate with other companies. These include:

  • transport services and hauliers;
  • events organisers and training service providers, if you have registered through us for certain trade fairs or events;
  • banks and financial services providers for processing financial matters.

Own service providers
To be able to run our business efficiently, we make use of the services of external providers who may receive your personal data to fulfil the purposes described, including IT service providers, printing and telecommunications service providers, collection agencies, consulting or marketing companies.

Important: We take great care of your personal data!

To ensure that the service providers comply with the same data privacy standards as our company, we have concluded corresponding agreements for order processing. These agreements regulate, for example:

  • that third parties are only granted access to the data that they need to complete the tasks assigned to them;
  • that at the service providers it is only staff that have explicitly been obliged to comply with the data privacy regulations that receive access to your data;
  • that technical and organisational measures are adhered to by the service providers that ensure data security and data privacy;
  • what happens to the data when the business relationship between us and the service provider is terminated.

For service providers with their head office outside of the European Economic Area (EEA), we take special security measures (e.g. through the use of special contract clauses) to ensure that the data is handled with the same degree of care as in the EEA. We check all our service providers regularly with regard to compliance with our instructions.

Very important: In no case do we sell your personal data to third parties!

1.7 ARE YOU OBLIGED TO PROVIDE US WITH PERSONAL DATA?

In the context of the business relationship between you and Pfeifergroup, we need from you the following categories of personal data:

  • all the necessary data for establishing and carrying out a business relationship;
  • data that is needed to fulfil contractual obligations;
  • data that we are legally obliged to collect.

Without this data, it is not possible for us to enter into or fulfil contracts with you.

1.8 ERASURE DEADLINES

In accordance with the applicable data privacy regulations, we do not store your personal data for longer than we need it for the purposes of the processing in question. If the data is no longer needed to fulfil contractual or legal obligations, we erase it regularly unless a further term of storage remains necessary. The following reasons may necessitate further retention:

  • Commercial or tax law obligations must be complied with: The retention periods according to the regulations of the Commercial Code and Tax Code are up to 10 years.
  • To retain proof in case of legal disputes as part of legal statute of limitations regulations: Statutes of limitations can be up to 30 years in civil law, whereby the regular statute of limitations expires after three years.

1.9 YOUR RIGHTS

You have certain rights regarding the processing of your personal data. Further details are stated in the respective regulations of the GDPR (in Articles 15 to 21).

1.9.1 RIGHT OF ACCESS TO INFORMATION AND RECTIFICATION

You have the right to receive information from us about which of your personal data we are processing. If this information is not or no longer correct, you can request rectification of the data or additions in case of incompleteness. If we have passed your data on to third parties, we inform the respective third parties of the applicable legal situation.

1.9.2 RIGHT TO ERASURE

Under the following circumstances, you can demand the immediate erasure of your personal data:

  • if your personal data is no longer needed for the purposes for which it was collected;
  • if you have withdrawn your consent and there is no other legal basis for processing the data;
  • if you object to the processing and there are no overriding legitimate grounds for processing the data;
  • if your data is processed unlawfully;
  • if your personal data must be erased to fulfil legal obligations.

Please note that before erasing your data we must check that there is no legitimate reason for processing your personal data.

1.9.3 RIGHT TO RESTRICTION OF PROCESSING (“RIGHT TO BLOCK DATA”)

For one of the following reasons, you can demand from us the restriction of the processing of your personal data:

  • If you dispute the correctness of the data, until we have had the opportunity to verify the correctness of the data;
  • If the data is unlawfully processed, but you only request the restriction of the use of the personal data instead of erasure;
  • If we no longer need the personal data for the purposes of the processing but you still need it for the assertion, enforcement or defence of legal claims;
  • If you have objected to the processing and it has still not been established whether your legitimate interests take precedence over ours.

1.9.4 RIGHT TO OBJECTION

1.9.4.1 RIGHT TO OBJECTION IN AN INDIVIDUAL CASE

If the processing is in the public interest or on the basis of a balancing of interests, you have the right to object to the processing for reasons pertaining to your particular situation. If an objection has been raised, we will no longer process your personal data, unless we can prove mandatory grounds for the processing of your data worthy of protection that take precedence over your interests, rights and freedoms, or unless your personal data serves the assertion, enforcement or defence of legal claims. The objection does not nullify the legitimacy of the processing already carried out up until the objection.

1.9.4.2 OBJECTION TO ADVERTISING

In cases in which your personal data is used for advertising campaigns, you can object at any time against this form of processing. We will then no longer process your personal data for these purposes. The objection does not require a specific form and should be addressed to the e-mail address datenschutz@pfeifergroup.com

1.9.5 RIGHT TO DATA PORTABILITY

You have the right on request to receive personal data that you have given to us for processing in a transferable and machine-readable format.

1.9.6 RIGHT TO FILE A COMPLAINT AT THE SUPERVISORY AUTHORITY

We always try to process your enquiries and claims as quickly as possible to ensure your rights accordingly. However, depending on the volume of enquiries, it may take up to 30 days before we can provide further information in your case. If it should take longer, we will inform you duly about the reasons for the delay and discuss the further procedure with you.

In some cases we may not or cannot provide you with any information. Insofar as legally permissible, we will notify you of the reason for declining information.

If you are still not satisfied with our answers and responses or are of the opinion that we are contravening the applicable data privacy law, you are entitled to lodge a complaint to our data privacy coordinator (datenschutz@pfeifergroup.com) or (if available) the data privacy officer (pfeifergroup@2b-advice.com) as well as to the responsible supervisory authority. The supervisory authority responsible for us is:

RESPONSIBLE AUTHORITY for the companies Pfeifer Holz GmbH, Pfeifer Timber GmbH, Euroblock Verpackungsholz GmbH:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA - Bavarian State Office for Data Privacy Supervision)
P.O. Box 606, D-91511 Ansbach
Promenade 27 (Schloss), D-91522 Ansbach

RESPONSIBLE AUTHORITY for the companies Pfeifer Holz Lauterbach GmbH and Pfeifer Holz Schlitz GmbH & Co KG:
Der Hessische Datenschutzbeauftragte (Data Privacy Officer for Hessen)
Gustav-Stresemann-Ring 1, D-65189 Wiesbaden
P.O. Box 31 63, 65021 D-Wiesbaden

RESPONSIBLE AUTHORITY for the companies Pfeifer Holding GmbH (parent company) and Pfeifer Holz GmbH & Co KG:
Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Wickenburggasse 8
A-1080 Vienna

RESPONSIBLE AUTHORITY for Pfeifer Holz s.r.o.
The Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Czech Republic

2.0 VERSION

Status of the data privacy statement: March 2021.