Regardless of whether you are a customer, a prospective customer, an applicant or a visitor to our website: We, Pfeifer Holding GmbH (hereinafter: “Pfeifergroup”, “we”) take the protection of your personal data very seriously. But what does this mean specifically?
In the following, we provide you with an overview of what personal data of yours we collect and in what form we process it. Furthermore, you gain an overview of the rights to which you are entitled according to the applicable data privacy law. We also provide details of your points of contact in case you have any further questions.
The Pfeifergroup is among the leading companies in the European timber industry. We practice our philosophy at eight locations in Austria, Germany and the Czech Republic: Passion for timber – dedication to working with coniferous wood.
As the controller as defined by the applicable data privacy laws, we,
Pfeifer Holding GmbH
Fabrikstraße 54
A-6460 Imst
E-mail: datenschutz@pfeifergroup.com
Telephone: +43 5412 6960 - 0
take all the necessary measures according to current data privacy law to ensure the protection of your personal data. For all questions regarding this data privacy statement, we kindly request that you contact our data privacy coordinator at datenschutz@pfeifergroup.com.
The following companies of the Pfeifergroup in Germany have a data privacy officer who can be contacted in case of any questions about the data processing of these companies, at the following details.
Contact details of data privacy officer
Dr. Laurent Dechâtre
2B Advice GmbH
Joseph-Schumpeter-Allee 25
D-53227 Bonn
E-mail: pfeifergroup@2b-advice.com
Telephone: +49 228 926165 - 120
Pfeifer Holz GmbH
Mühlenstraße 7
D-86556 Unterbernbach
Pfeifer Holz Lauterbach GmbH
Am Hällstein 1
D-36341 Lauterbach
Pfeifer Holz Schlitz GmbH & Co KG
Bahnhofstraße 63
D-36110 Schlitz
Pfeifer Timber GmbH
Mühlenstraße 7
D-86556 Unterbernbach
Euroblock Verpackungsholz GmbH
Mühlenstraße 7
D-86556 Unterbernbach
It is possible to contact the data privacy coordinator for the companies listed below with their head office in Austria and the Czech Republic at the e-mail address datenschutz@pfeifergroup.com.
Pfeifer Holding GmbH (parent company)
Fabrikstraße 54
A-6460 Imst
Pfeifer Holz GmbH & Co KG
Fabrikstraße 54
A-6460 Imst
Pfeifer Holz s.r.o.
Chanovice 102
CZ-34101 Horažďovice
Processing of personal data is understood by the law as activities such as the collecting, compiling, organisation, ordering, storing, modification or change, reading, accessing, use, disclosure through transmission, spreading or other form of provision, comparison or association, restricting, erasure or destruction of personal data.
Personal data is all information that relates to an identified or identified natural person.
This data privacy statement is about the personal data of customers, prospective customers, applicants or visitors.
This data privacy statement applies to our websites pfeifergroup.com, karriere.pfeifergroup.com, pellets.pfeifergroup.com, euroblock.com and timbory.com.
We collect your personal data if you contact us e.g. as a prospective customer or as a customer. This can come about, for example, if you are interested in our products, register for our online services, contact us through our communication channels, or use our products or services over the course of an existing business relationship.
We process the following types of personal data:
as well as other information comparable with these data categories.
Sensitive data, especially categories of personal data as defined by Art. 9 par. 1 GDPR such as information about religious or trade union affiliation, is not collected in this manner.
Personal data pertaining to children or minors is only collected if they register in the career portal or use or communication channels.
Cookies are files that are deposited by our website or by the customer portals on your computer while you are accessing the site. These files store information that make the use of this page more efficient. The following cookies are used on the homepages of the Pfeifergroup.
Individual settings for the use of cookies can be made through this interface:
This website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use comprises the operating mode “Google Analytics 4”. This makes it possible to assign data, sessions and interactions on several devices to a pseudonymous user ID and thereby to analyse the activities of a user across all devices.
Google Analytics uses so-called “cookies”, text files that are deposited on your computer and that enable an analysis of your use of the website. The legal basis for the use of Google Analytics is Art. 6 (1) (a) GDPR, namely your consent. The information generated by the cookie about your use of this website is as a rule transmitted to a Google server in the USA and stored there. The IP address of users is immediately abbreviated in the process, so that the identification of users through the IP address is no longer possible. Please note that you have the right to withdraw your consent at any time with effect for the future. The legitimacy of the processing that has taken place up until the withdrawal of consent remains unaffected. In case of the activation of IP anonymisation on this website, your IP address is abbreviated beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Upon instruction of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide further services to the website operator associated with website and Internet use. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
The legal basis for the transmission of personal data to the USA is the adequacy decision of the European Commission dated 10 July 2023, available at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. On the basis of the adequacy decision, personal data can be transmitted securely from the EU to US enterprises participating in the EU-US data privacy framework. Google Inc. has entered the EU-US data privacy framework and is obliged to comply with various data protection principles which are set out in Appendix 1 of the adequacy decision. The list of companies who have joined the programme can be found at https://www.dataprivacyframework.gov/s/participant-search.
The data sent by us and linked with cookies are automatically erased after 14 months. The maximum lifespan of the Google Analytics cookies is 2 years. The erasure of data whose retention period has been reached is automatic once a month.
You can find further information about terms of use and data privacy when using Google Analytics at https://www.google.com/analytics/terms/de.html. You can find further information about how Google uses data here: https://www.google.de/policies/privacy/partners/.
Our website uses functions of the web analysis services Google Analytics and Matomo. The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Matomo operates on servers of Cookis GmbH, 6460 Imst, Franz Xaver Rennstraße 4 (Bakehouse customers). For this purpose, cookies are used that enable an analysis of the use of the website by its users. The generated information is transferred to the server of the respective provider and is stored there.
You can prevent this by setting up your browse so that no cookies are stored there. Your IP address is recorded but then immediately pseudonymised by erasing the last eight bit. This means that only rough localisation is still possible.
Data processing takes place on the basis of Art. 6 par. 1 lit a (Consent) of GDPR.
As the privacy of our users is important to us, user data is pseudonymised.
This website uses Hotjar, a web analysis tool. It records in an anonymised form the interactions of randomly selected individual visitors with the Internet page. This results in a logging of e.g. mouse movements and clicks, with the aim of showing potential for improvement of the respective Internet page. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin, as well as the resolution and type of device is evaluated for statistical purposes. This information is not personally attributable and is not passed on to third parties by Hotjar.
You can prevent this by setting up your browse so that no cookies are stored there. Your IP address is recorded but then immediately pseudonymised by erasing the last eight bit. This means that only rough localisation is still possible.
Data processing takes place on the basis of Art. 6 par. 1 lit a (Consent) of GDPR.
You can find out more about data processing by Hotjar here.
Within our online offer, the so-called “Facebook pixel” of the social network Facebook is used, which is operated by Meta Platforms Ireland Limited (formerly “Facebook Ireland Limited”, 4 Grand Canal Square, Dublin 2, Ireland).
If a user clicks on an advertisement posted by us that is displayed on Facebook, an addition is made to the URL of our linked page through the Facebook Pixel. Insofar as our page allows the sharing of data with Meta through the Pixel, this URL parameter is entered into the browser of the user via a cookie that is deposited by our linked page itself. This cookie is then read by Facebook Pixel and allows the data to be passed on to Facebook.
With the help of the Facebook Pixel it is possible on the one hand for Meta to ascertain the visitors to our online offer as a target group for displaying advertisements (so-called “Facebook Ads”). We use the Facebook Pixel accordingly to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have particular characteristics (e.g. interests in certain topics or products, according to the websites visited) that we transmit to Meta (so-called “customer audiences”). With the help of the Facebook Pixel, we would also like to ensure that our Facebook Ads correspond to the potential interest of the users and are not bothersome. We can therefore also evaluate the effectiveness of the Facebook advertisements for statistical and market research purposes by determining whether users are redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).
The collected data is anonymous for us and therefore does not allow any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that an association with the respective user profile is possible and Facebook can use the data for their own advertising purposes, in accordance with the Facebook data usage directive (https://www.facebook.com/about/privacy/). The data can enable Facebook and their partners to display advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel is on the basis of your consent to the evaluation, optimisation and economic operation of our online offer and our advertising measures.
In addition, you can prohibit the display of advertisements by Meta and their partners and adjust the settings at https://www.facebook.com/ads/website_custom_audiences/.
The information generated by Meta is as a rule transmitted to a Meta server and stored there, whereby the transmission to a server of Meta Platforms Inc. in the USA can also occur. EU standard contract clauses have therefore been concluded with Meta Platforms Inc. headquartered in the USA, which ensure compliance with the data privacy standard applicable in the EU.
The LinkedIn Insight Tag is a small JavaScript code extract that you can add to your website to enable detailed campaign reports and gain valuable information about the visitors to your website. As a customer of LinkedIn marketing solutions, you can use the LinkedIn Insight Tag to track conversions, carry out a retargeting of your website visitors and gain additional information about the members who view your advertisements.
The LinkedIn Insight Tag enables the collection of data about visits to your website, including ZRL, referrer URL, IP address, device and browser properties (user agent), as well as time stamp. The IP addresses are shortened or (if they are used to reach members across different devices) hashed. The direct identifiers of the members are removed within seven days to pseudonymise the data. The remaining pseudonymised data is then erased within 180 days.
Data processing takes place on the basis of Art. 6 par. 1 lit a (Consent) of GDPR.
LinkedIn does not share any personal data with the owner of the website but only offers reports (in which you are not identified) about the website target group and campaign success. LinkedIn also offers a retargeting for website visitors, so that the owner of the website can display targeted advertising outside of their website with the help of this data, without the member being identified. We also use data that does not identify you to improve the relevance of advertisements and to reach members across different devices. Members of LinkedIn can control the use of their personal data for advertising purposes through their account settings.
This website uses the Google Tag Manager. Google Tag Manager is a solution with which marketers can manage website tags through an interface. The tool itself (that implements the tags) is a domain without cookies and does not store any personal data. The tool ensures the triggering of other tags that may collect data on their part. Google Tag Manager does not access this data. If a deactivation was carried out on a domain or cookie level, this continues to apply to all tracking tags that are implemented with Google Tag Manager.
Recipient: Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contract clauses were concluded with this service provider as suitable guarantees in accordance with Art. 46 GDPR. Further information about this is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.
The legal basis is your consent to this data processing.
This website uses Bakehouse CMS. Bakehouse CMS is a tool for managing cookies as well as consent and user settings. The cookies manager scans for new cookies at regular intervals and lists these in an upstream warning. It is an all-in or nothing solution. The users can decide whether tracking is allowed or not.
Our website uses plugins of the YouTube webpage operated by Google. The operator of the webpage is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection is established to the YouTube servers. The YouTube server is informed which of our pages you visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
You can find further information about the handling of user data in the data privacy statement of YouTube at https://www.google.de/intl/de/policies/privacy
If you have consented to the processing of your personal data for one or more specific purposes, the processing of your data by us is permissible (Art. 6 par. 1 line a GDPR). You can withdraw this consent at any time in relation to the future (Art. 7 par. 3 GDPR), without incurring for yourself other than the transmission costs according to the basic tariffs (costs of your Internet connection). The withdrawal of your consent does not affect the legitimacy of processing that took place up until the revocation.
You have the possibility to subscribe to our newsletter through our website. To do so, we need your e-mail address and your declaration that you agree to receiving the newsletter. To provide you with targeted information, we also collect and process voluntarily given details such as browser language and name.
As soon as you have subscribed to the newsletter, we send you a confirmation e-mail with a link to confirm the registration.
You can cancel the newsletter subscription at any time. Please send your cancellation to the following e-mail address: datenschutz@pfeifergroup.com. We then erase your data immediately in relation to the newsletter mailing.
Contact information is stored in a structured manner through the website (contact forms) or through the direct contact with sales staff. All enquiries received through the website are checked in accordance with data privacy (double opt-in procedure).
On the one hand, this information is used in newsletter campaigns. Depending on the contact interest, customer segments are generated and specific online marketing materials are displayed to them. For each of these e-mails, an opt-out link is provided. This leads to a contact profile in which the contact can define their communication preferences. The success of the newsletter campaigns is measured by means of click rates.
Furthermore, Dynamics 365 is used in order to assign data entered through contact queries via the website to a responsible salesperson. The latter then has the possibility to view this data through an app and to contact the prospective customer. The salesperson can also directly store trade fair contacts in this app to ensure structured follow-up.
We process your data to be able to fulfil our contracts (according to Art. 6 par. 1 line b GDPR). This also applies to details that you provide us with as part of precontractual correspondence. This includes making contact on your part for the purpose of applying for a position we have advertised. The concrete purposes of the data processing depend on the respective product and the request made and can also be used to analyse your requirements and evaluate which products and services are suitable for you. To carry out the contractual relationship (precontractual measures and concluding the purchase contract), we need your name, your address, your telephone number and e-mail address so that we can contact you.
We also need your personal data to evaluate whether and which products and services we can and may offer you (precontractual measures for putting together an offer).
You can view details of the respective purposes of the data processing in the contract documents and our General Terms and Conditions, as well as this data privacy statement.
5.2.2 MAKING CONTACT for the purpose of application via WhatsApp-Business
We process your data that you disclose to us as part of making contact for the purpose of applying for an advertised position. For job advertisements, we indicate a telephone number on the job profile which applicants can contact via WhatsApp to establish initial contact and potentially make an appointment for a job interview. For this purpose we use the messaging service WhatsApp-Business provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. As part of the use of WhatsApp-Business, we process your private telephone number, your profile picture, your first name and surname. Your data is always only used for the purpose of your application. There is no passing on to third parties. Your contact details and chat history will be erased, subject to the legal retention period and the conclusion of the application procedure.
Please note that WhatApp Business in principle receives access to the address books of the mobile end devices used by the users if they agree to the synchronisation of their address books. To ensure the security of your data and protect it against transmission to the parent company Meta Platforms Inc. in the USA, we have not consented to the address book synchronisation on the end devices used by us and for WhatsApp Business.
Therefore, your data is not transmitted to third parties. Please note that for this reason only you can establish an initial contract with us.
The purpose and scope of the data collection and the further processing and use of the data by WhatsApp as well as your respective rights and settings options to protect your privacy are set out in the data privacy specifications of WhatsApp: https://www.whatsapp.com/legal/?eea=1#privacy-policy.
We process your data that you have sent to us as part of your application, to check whether your subject qualifications are suitable for the advertised position. We only use your information for the application procedure and keep it in your personnel file when concluding a contract. If no appointment is made, your information is erased or destroyed, unless you give your consent to it being stored in the applicant database. We will not use your applicant information for any other purpose than for carrying out the application procedure.
As a company, we are subject to a range of legal regulations. To meet our legal obligations, we process your personal data insofar as is necessary according to Art. 6 par.1 line c GDPR.
If you access our website, your browser technically transmits certain information to our web server in order to provide you with the information you requested. To enable you to visit the website, the following information is collected, temporarily stored and used:
To protect our legitimate interests, we will store the details above for a limited period so that in the event of unauthorised access or an access attempt to our server it is possible to derive the personal data (art. 6 (1) (f) GDPR).
Your requirements are important to us, and we try to provide you with information about products and services that are precisely tailored to you. To do so, we use the knowledge gained from our joint business relationship as well as from our market research and process your personal data for this purpose on the basis of our legitimate interest (Art. 6 par. 1 line f GDPR). The key aim of this is to adapt our product suggestions to your requirements. With regard to this, we guarantee that we always process the data in accordance with the applicable data privacy law. Important: You can object at any time to the use of your personal data for this purpose (Art. 21 GDPR).
What do we analyse and process concretely?
We use your personal data in the following cases, among others:
We also use your personal data to be able to assess and prove facts in the event of possible legal disputes.
Within the Pfeifergroup, access to your personal data is only granted to staff who need it to fulfil our contractual or legal obligations or to uphold our legitimate interests. For this reason, we have taken corresponding measures to ensure compliance with data privacy within the Pfeifergroup:
we have concluded respective contracts with the individual subsidiaries that ensure that personal data that is exchanged within the corporation is always protected.
In accordance with these agreements and the applicable data privacy law, we only transmit personal data to our production and sales subsidiaries for the purposes stated in this data privacy statement. We support our subsidiaries both operatively and in complying with the technical and organisational measures that we also apply at the parent company (Pfeifer Holding GmbH) to ensure the safety of your personal data. If possible, we protect your data through pseudonymisation or anonymisation measures. If subsidiaries are located outside of the EEA, we ensure through appropriate measures that the personal data processed there is protected equally to within the EEA.
We pay attention to protecting your personal data and only pass on information about you if legal regulations make it mandatory, you have consented or it is necessary to fulfil contractual obligations.
For example, for the following recipients there may be a legal obligation to pass on your personal data:
In order to fulfil our contractual obligations, we cooperate with other companies. These include:
Own service providers
To be able to make our operations efficient, we make use of the services of external service providers who may receive your personal data for the fulfilment of the described purposes, including IT service providers, as well as debt collection, consultancy or sales companies.
To ensure that the same data privacy standards as we apply are complied with by the service providers, we have concluded appropriate order processing contracts.
For service providers with their head office outside of the European Economic Area (EEA), we take special security measures (e.g. through the use of special contract clauses) to ensure that the data is handled with the same degree of care as in the EEA. We check all our service providers regularly with regard to compliance with our instructions.
In accordance with the applicable data privacy regulations, we do not store your personal data for longer than we need it for the purposes of the processing in question. If the data is no longer needed to fulfil contractual or legal obligations, we erase it regularly unless a further term of storage remains necessary. The following reasons may necessitate further retention:
You have certain rights regarding the processing of your personal data. Further details are stated in the respective regulations of the GDPR (in Articles 15 to 21).
You have the right to receive information from us about which of your personal data we are processing. If this information is not or no longer correct, you can request rectification of the data or additions in case of incompleteness. If we have passed your data on to third parties, we inform the respective third parties of the applicable legal situation.
Under the following circumstances, you can demand the immediate erasure of your personal data:
Please note that before erasing your data we must check that there is no legitimate reason for processing your personal data.
For one of the following reasons, you can demand from us the restriction of the processing of your personal data:
If the processing is in the public interest or on the basis of a balancing of interests, you have the right to object to the processing for reasons pertaining to your particular situation. Following an objection, we will no longer process your data unless we can prove mandatory grounds for processing your data that outweigh your interests, rights and freedoms, or because your personal data serves to make, exert or defend legal claims. The objection does not nullify the legitimacy of the processing already carried out up until the objection.
In cases in which your personal data is used for advertising campaigns, you can object at any time to this form of processing. We will then no longer process your personal data for these purposes.
The objection does not require a specific form and should be addressed to the e-mail address datenschutz@pfeifergroup.com
You have the right on request to receive personal data that you have given to us for processing in a transferable and machine-readable format.
We always try to process your enquiries and claims as quickly as possible to ensure your rights accordingly. However, depending on the volume of enquiries, it may take up to 30 days before we can provide further information in your case. If it should take longer, we will inform you duly about the reasons for the delay and discuss the further procedure with you.
In some cases, we may not or cannot provide you with any information. Insofar as legally permissible, we will notify you of the reason for declining information.
If you are still not satisfied with our answers and responses or are of the opinion that we are contravening the applicable data privacy law, you are entitled to lodge a complaint to our data privacy coordinator (datenschutz@pfeifergroup.com) or (if available) the data privacy officer (pfeifergroup@2b-advice.com) as well as to the responsible supervisory authority.
The supervisory authority responsible for us is:
RESPONSIBLE AUTHORITY for the companies
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Postfach 606, D-91511 Ansbach
Promenade 27 (Schloss), D-91522 Ansbach
RESPONSIBLE AUTHORITY for the companies
Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1, D-65189 Wiesbaden
Postfach 31 63, 65021 D-Wiesbaden
RESPONSIBLE AUTHORITY for the companies
Österreichische Datenschutzbehörde
Wickenburggasse 8
A-1080 Wien
RESPONSIBLE AUTHORITY for Pfeifer Holz s.r.o.
The Office for Personal Data Protection
Pplk. Sochora 27
170 00 Praha 7
Czech Republic