Pfeifer Holding GmbH

Data privacy statement and cookies settings

Status of the data privacy statement: February 2024.

Regardless of whether you are a customer, a prospective customer, an applicant or a visitor to our website: We, Pfeifer Holding GmbH (hereinafter: “Pfeifergroup”, “we”) take the protection of your personal data very seriously. But what does this mean specifically?

In the following, we provide you with an overview of what personal data of yours we collect and in what form we process it. Furthermore, you gain an overview of the rights to which you are entitled according to the applicable data privacy law. We also provide details of your points of contact in case you have any further questions.

1 Who are we?

The Pfeifergroup is among the leading companies in the European timber industry. We practice our philosophy at eight locations in Austria, Germany and the Czech Republic: Passion for timber – dedication to working with coniferous wood.

As the controller as defined by the applicable data privacy laws, we,

Pfeifer Holding GmbH
Fabrikstraße 54
A-6460 Imst
E-mail: datenschutz@pfeifergroup.com
Telephone: +43 5412 6960 - 0

take all the necessary measures according to current data privacy law to ensure the protection of your personal data. For all questions regarding this data privacy statement, we kindly request that you contact our data privacy coordinator at datenschutz@pfeifergroup.com.

1.1 OUR COMPANIES IN GERMANY

The following companies of the Pfeifergroup in Germany have a data privacy officer who can be contacted in case of any questions about the data processing of these companies, at the following details.

Contact details of data privacy officer
Dr. Laurent Dechâtre
2B Advice GmbH
Joseph-Schumpeter-Allee 25
D-53227 Bonn
E-mail: pfeifergroup@2b-advice.com
Telephone: +49 228 926165 - 120

Pfeifer Holz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Pfeifer Holz Lauterbach GmbH
Am Hällstein 1
D-36341 Lauterbach

Pfeifer Holz Schlitz GmbH & Co KG
Bahnhofstraße 63
D-36110 Schlitz

Pfeifer Timber GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Euroblock Verpackungsholz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

1.2 OUR COMPANIES IN AUSTRIA AND THE CZECH REPUBLIC

It is possible to contact the data privacy coordinator for the companies listed below with their head office in Austria and the Czech Republic at the e-mail address datenschutz@pfeifergroup.com.

Pfeifer Holding GmbH (parent company)
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz GmbH & Co KG
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz s.r.o.
Chanovice 102
CZ-34101 Horažďovice

1.3 OUR COMPANIES IN FINLAND

Pölkky Oy
Kemijärventie 73
93600 Kuusamo

2 scope of applicability of the data privacy statement

Processing of personal data is understood by the law as activities such as the collecting, compiling, organisation, ordering, storing, modification or change, reading, accessing, use, disclosure through transmission, spreading or other form of provision, comparison or association, restricting, erasure or destruction of personal data.

Personal data is all information that relates to an identified or identified natural person.

This data privacy statement is about the personal data of customers, prospective customers, applicants or visitors.

This data privacy statement applies to our websites pfeifergroup.com, karriere.pfeifergroup.com, pellets.pfeifergroup.com, euroblock.comtimbory.com and shop.pfeifergroup.com.

3 What personal data do we process?

We collect your personal data if you contact us e.g. as a prospective customer or as a customer. This can come about, for example, if you are interested in our products, register for our online services, contact us through our communication channels, or use our products or services over the course of an existing business relationship.

We process the following types of personal data:

  • Details for personal identification
    e.g. first name and surname, address details, e-mail address, telephone number, fax number
  • Order details
    e.g. customer number, order number, invoice details
  • Company-related details
    e.g. corporate name, department, position
  • Details about your online behaviour
    e.g. IP addresses, user name, details about your visits to our website, actions carried out on our websites and the access location
  • Information about your interests and wishes that you inform us of
    e.g. through our contact form or through other communication channels
  • Information about your professional career
    e.g. professional qualifications, previous employer, other qualifications

as well as other information comparable with these data categories.

3.1 E-mail communication

When you send us e-mails, these are processed on IT systems that are made available by a service provider on servers in the cloud.

There are order processing contracts with this service provider and further subcontractors according to Art. 28 GDPR. This ensures a suitable data protection level. This comprises appropriate technical and organisational measures to safeguard your data.

Service providers such as Microsoft in the USA may be forced on the basis of national legislation to transmit data from the cloud to US security authorities. It is possible that we will not be informed of these circumstances and so no legal measures may be instigated.

We kindly request that you observe this and do not send us sensitive information by e-mail.

3.2 Sensitive data

Sensitive data, especially categories of personal data as defined by Art. 9 par. 1 GDPR such as information about religious or trade union affiliation, is not collected in this manner.

3.3 Personal data of minors

Personal data pertaining to children or minors is only collected if they register in the career portal or use or communication channels.

4 Use of cookies and plugins

4.1 What are Cookies?

Cookies are files that are deposited by our website or by the customer portals on your computer while you are accessing the site. These files store information that make the use of this page more efficient. The following cookies are used on the homepages of the Pfeifergroup.

4.1.1 Changing cookie settings

Individual settings for the use of cookies can be made through this interface:

4.1.2 List of Cookies of the timbory.com Website

4.2 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use comprises the operating mode “Google Analytics 4”. This makes it possible to assign data, sessions and interactions on several devices to a pseudonymous user ID and thereby to analyse the activities of a user across all devices.

Google Analytics uses so-called “cookies”, text files that are deposited on your computer and that enable an analysis of your use of the website. The legal basis for the use of Google Analytics is Art. 6 (1) (a) GDPR, namely your consent. The information generated by the cookie about your use of this website is as a rule transmitted to a Google server in the USA and stored there. The IP address of users is immediately abbreviated in the process, so that the identification of users through the IP address is no longer possible. Please note that you have the right to withdraw your consent at any time with effect for the future. The legitimacy of the processing that has taken place up until the withdrawal of consent remains unaffected. In case of the activation of IP anonymisation on this website, your IP address is abbreviated beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

Upon instruction of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide further services to the website operator associated with website and Internet use. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

The legal basis for the transmission of personal data to the USA is the adequacy decision of the European Commission dated 10 July 2023, available at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. On the basis of the adequacy decision, personal data can be transmitted securely from the EU to US enterprises participating in the EU-US data privacy framework. Google Inc. has entered the EU-US data privacy framework and is obliged to comply with various data protection principles which are set out in Appendix 1 of the adequacy decision. The list of companies who have joined the programme can be found at https://www.dataprivacyframework.gov/s/participant-search.

The data sent by us and linked with cookies are automatically erased after 14 months. The maximum lifespan of the Google Analytics cookies is 2 years. The erasure of data whose retention period has been reached is automatic once a month.

You can find further information about terms of use and data privacy when using Google Analytics at https://www.google.com/analytics/terms/de.html. You can find further information about how Google uses data here: https://www.google.de/policies/privacy/partners/.

4.3 Matomo

Our website uses functions of the web analysis services Google Analytics and Matomo. The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Matomo operates on servers of Cookis GmbH, 6460 Imst, Franz Xaver Rennstraße 4 (Bakehouse customers). For this purpose, cookies are used that enable an analysis of the use of the website by its users. The generated information is transferred to the server of the respective provider and is stored there.

You can prevent this by setting up your browse so that no cookies are stored there. Your IP address is recorded but then immediately pseudonymised by erasing the last eight bit. This means that only rough localisation is still possible.

Data processing takes place on the basis of Art. 6 par. 1 lit a (Consent) of GDPR.

As the privacy of our users is important to us, user data is pseudonymised.

4.4 Hotjar

This website uses Hotjar, a web analysis tool. It records in an anonymised form the interactions of randomly selected individual visitors with the Internet page. This results in a logging of e.g. mouse movements and clicks, with the aim of showing potential for improvement of the respective Internet page. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin, as well as the resolution and type of device is evaluated for statistical purposes. This information is not personally attributable and is not passed on to third parties by Hotjar.

You can prevent this by setting up your browse so that no cookies are stored there. Your IP address is recorded but then immediately pseudonymised by erasing the last eight bit. This means that only rough localisation is still possible.

Data processing takes place on the basis of Art. 6 par. 1 lit a (Consent) of GDPR.

You can find out more about data processing by Hotjar here.

4.5 Facebook

Within our online offer, the so-called “Facebook pixel” of the social network Facebook is used, which is operated by Meta Platforms Ireland Limited (formerly “Facebook Ireland Limited”, 4 Grand Canal Square, Dublin 2, Ireland). 

If a user clicks on an advertisement posted by us that is displayed on Facebook, an addition is made to the URL of our linked page through the Facebook Pixel. Insofar as our page allows the sharing of data with Meta through the Pixel, this URL parameter is entered into the browser of the user via a cookie that is deposited by our linked page itself. This cookie is then read by Facebook Pixel and allows the data to be passed on to Facebook.

With the help of the Facebook Pixel it is possible on the one hand for Meta to ascertain the visitors to our online offer as a target group for displaying advertisements (so-called “Facebook Ads”). We use the Facebook Pixel accordingly to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have particular characteristics (e.g. interests in certain topics or products, according to the websites visited) that we transmit to Meta (so-called “customer audiences”). With the help of the Facebook Pixel, we would also like to ensure that our Facebook Ads correspond to the potential interest of the users and are not bothersome. We can therefore also evaluate the effectiveness of the Facebook advertisements for statistical and market research purposes by determining whether users are redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).

The collected data is anonymous for us and therefore does not allow any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that an association with the respective user profile is possible and Facebook can use the data for their own advertising purposes, in accordance with the Facebook data usage directive (https://www.facebook.com/about/privacy/). The data can enable Facebook and their partners to display advertisements on and outside of Facebook.

The data processing associated with the use of the Facebook Pixel is on the basis of your consent to the evaluation, optimisation and economic operation of our online offer and our advertising measures.

In addition, you can prohibit the display of advertisements by Meta and their partners and adjust the settings at https://www.facebook.com/ads/website_custom_audiences/.

The information generated by Meta is as a rule transmitted to a Meta server and stored there, whereby the transmission to a server of Meta Platforms Inc. in the USA can also occur. EU standard contract clauses have therefore been concluded with Meta Platforms Inc. headquartered in the USA, which ensure compliance with the data privacy standard applicable in the EU.

4.6 LinkedIn

The LinkedIn Insight Tag is a small JavaScript code extract that you can add to your website to enable detailed campaign reports and gain valuable information about the visitors to your website. As a customer of LinkedIn marketing solutions, you can use the LinkedIn Insight Tag to track conversions, carry out a retargeting of your website visitors and gain additional information about the members who view your advertisements.

The LinkedIn Insight Tag enables the collection of data about visits to your website, including ZRL, referrer URL, IP address, device and browser properties (user agent), as well as time stamp. The IP addresses are shortened or (if they are used to reach members across different devices) hashed. The direct identifiers of the members are removed within seven days to pseudonymise the data. The remaining pseudonymised data is then erased within 180 days.

Data processing takes place on the basis of Art. 6 par. 1 lit a (Consent) of GDPR.

LinkedIn does not share any personal data with the owner of the website but only offers reports (in which you are not identified) about the website target group and campaign success. LinkedIn also offers a retargeting for website visitors, so that the owner of the website can display targeted advertising outside of their website with the help of this data, without the member being identified. We also use data that does not identify you to improve the relevance of advertisements and to reach members across different devices. Members of LinkedIn can control the use of their personal data for advertising purposes through their account settings.

4.7 Google Tag-Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution with which marketers can manage website tags through an interface. The tool itself (that implements the tags) is a domain without cookies and does not store any personal data. The tool ensures the triggering of other tags that may collect data on their part. Google Tag Manager does not access this data. If a deactivation was carried out on a domain or cookie level, this continues to apply to all tracking tags that are implemented with Google Tag Manager.

Recipient: Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contract clauses were concluded with this service provider as suitable guarantees in accordance with Art. 46 GDPR. Further information about this is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

The legal basis is your consent to this data processing.

4.8 Bakehouse

This website uses Bakehouse CMS. Bakehouse CMS is a tool for managing cookies as well as consent and user settings. The cookies manager scans for new cookies at regular intervals and lists these in an upstream warning. It is an all-in or nothing solution. The users can decide whether tracking is allowed or not.

4.9 YouTube

Our website uses plugins of the YouTube webpage operated by Google. The operator of the webpage is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection is established to the YouTube servers. The YouTube server is informed which of our pages you visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. You can find further information about the handling of user data in the data privacy statement of YouTube at https://www.google.de/intl/de/policies/privacy

4.10 LinkTree

We use LinkTree on our Instagram page, a tool that allows us to compile a clear list of links to various target pages and integrate it in our Instagram biography. This tool is provided by Linktree Pty Ltd, a company headquartered in Australia.

Data collection and use:
LinkTree collects data about the click behaviour of users on the provided links. This data includes:

  • Number of click views
  • Places of origin of the users (in a general form)
  • Types of end devices used


This data is used by LinkTree exclusively to analyse user behaviour and to optimise our online presence. The data helps us to understand what content our followers are interested in and how they arrive at our landing pages. No specific, person-related data is collected. The collected data is retained for a period of 90 days and is then automatically erased. We ourselves do not store this data in addition.

Cookies:
LinkTree does not deposit any cookies on the end devices of users.

Your rights and options:
You have the right to information about personal data relating to you that we may collect through the use of LinkTree. In addition, you have the right to rectification, erasure or restriction of the processing of this data, insofar as we are storing it.

Further detailed information on data collection and processing by LinkTree is available in their data privacy notice here: https://linktr.ee/s/privacy/

5 For what purpose do we process your personal data – and on what legal basis?

5.1 On the basis of your consent

If you have consented to the processing of your personal data for one or more specific purposes, the processing of your data by us is permissible (Art. 6 par. 1 line a GDPR). You can withdraw this consent at any time in relation to the future (Art. 7 par. 3 GDPR), without incurring for yourself other than the transmission costs according to the basic tariffs (costs of your Internet connection). The withdrawal of your consent does not affect the legitimacy of processing that took place up until the revocation.

5.1.1 Newsletter

You have the possibility to subscribe to our newsletter through our website. To do so, we need your e-mail address and your declaration that you agree to receiving the newsletter. To provide you with targeted information, we also collect and process voluntarily given details such as browser language and name.

As soon as you have subscribed to the newsletter, we send you a confirmation e-mail with a link to confirm the registration.

You can cancel the newsletter subscription at any time. Please send your cancellation to the following e-mail address: datenschutz@pfeifergroup.com. We then erase your data immediately in relation to the newsletter mailing.

5.1.2 Microsoft Dynamics

Contact information is stored in a structured manner through the website (contact forms) or through the direct contact with sales staff. All enquiries received through the website are checked in accordance with data privacy (double opt-in procedure).

On the one hand, this information is used in newsletter campaigns. Depending on the contact interest, customer segments are generated and specific online marketing materials are displayed to them. For each of these e-mails, an opt-out link is provided. This leads to a contact profile in which the contact can define their communication preferences. The success of the newsletter campaigns is measured by means of click rates.

Furthermore, Dynamics 365 is used in order to assign data entered through contact queries via the website to a responsible salesperson. The latter then has the possibility to view this data through an app and to contact the prospective customer. The salesperson can also directly store trade fair contacts in this app to ensure structured follow-up.

5.1.3 Business Cards

The processing of data on business cards (surname, first name, e-mail address, telephone number and address, if applicable) by us is on the basis of your granted consent pursuant to Art. 6 par. 1 lit. a GDPR as well as our legitimate interest according to Art. 6 par. 1 lit. f GDPR in building up mutual business contacts.

Your data will be stored, unless you withdraw your consent, for the intended purpose until it is no longer required for the purpose of its collection and there are no statutory retention periods that prohibit erasure.

Your data will not be passed on to other recipients.

5.2 Contract Fulfilment

We process your data to be able to fulfil our contracts (according to Art. 6 par. 1 line b GDPR). This also applies to details that you provide us with as part of precontractual correspondence. This includes making contact on your part for the purpose of applying for a position we have advertised. The concrete purposes of the data processing depend on the respective product and the request made and can also be used to analyse your requirements and evaluate which products and services are suitable for you. To carry out the contractual relationship (precontractual measures and concluding the purchase contract), we need your name, your address, your telephone number and e-mail address so that we can contact you.

5.2.1. Offering Goods and Services

We also need your personal data to evaluate whether and which products and services we can and may offer you (precontractual measures for putting together an offer).

You can view details of the respective purposes of the data processing in the contract documents and our General Terms and Conditions, as well as this data privacy statement.

5.2.2 Making Contact for the purpose of application via WhatsApp-Business

We process your data that you disclose to us as part of making contact for the purpose of applying for an advertised position. For job advertisements, we indicate a telephone number on the job profile which applicants can contact via WhatsApp to establish initial contact and potentially make an appointment for a job interview. For this purpose we use the messaging service WhatsApp-Business provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. As part of the use of WhatsApp-Business, we process your private telephone number, your profile picture, your first name and surname. Your data is always only used for the purpose of your application. There is no passing on to third parties. Your contact details and chat history will be erased, subject to the legal retention period and the conclusion of the application procedure.

Please note that WhatApp Business in principle receives access to the address books of the mobile end devices used by the users if they agree to the synchronisation of their address books. To ensure the security of your data and protect it against transmission to the parent company Meta Platforms Inc. in the USA, we have not consented to the address book synchronisation on the end devices used by us and for WhatsApp Business.

Therefore, your data is not transmitted to third parties. Please note that for this reason only you can establish an initial contract with us.

The purpose and scope of the data collection and the further processing and use of the data by WhatsApp as well as your respective rights and settings options to protect your privacy are set out in the data privacy specifications of WhatsApp: https://www.whatsapp.com/legal/?eea=1#privacy-policy.

5.2.3 Carrying out the application procedure

We process your data that you have sent to us as part of your application, to check whether your subject qualifications are suitable for the advertised position. We only use your information for the application procedure and keep it in your personnel file when concluding a contract. If no appointment is made, your information is erased or destroyed, unless you give your consent to it being stored in the applicant database. We will not use your applicant information for any other purpose than for carrying out the application procedure.

5.3 Due to legal regulations or in the public interest

As a company, we are subject to a range of legal regulations. To meet our legal obligations, we process your personal data insofar as is necessary according to Art. 6 par.1 line c GDPR.

5.4 After weighing of interests:

5.4.1 Accessing the website

If you access our website, your browser technically transmits certain information to our web server in order to provide you with the information you requested. To enable you to visit the website, the following information is collected, temporarily stored and used:

  • IP address
  • Date and time of enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of enquiry (concrete page)
  • Operating system and its interface
  • Access status / HTTP status code
  • Transmitted data volume
  • Website the enquiry is coming from
  • Browser, language and version of browser software

To protect our legitimate interests, we will store the details above for a limited period so that in the event of unauthorised access or an access attempt to our server it is possible to derive the personal data (art. 6 (1) (f) GDPR).

5.4.2 Data Processing and Analysis for Marketing Purposes

Your requirements are important to us, and we try to provide you with information about products and services that are precisely tailored to you. To do so, we use the knowledge gained from our joint business relationship as well as from our market research and process your personal data for this purpose on the basis of our legitimate interest (Art. 6 par. 1 line f GDPR). The key aim of this is to adapt our product suggestions to your requirements. With regard to this, we guarantee that we always process the data in accordance with the applicable data privacy law. Important: You can object at any time to the use of your personal data for this purpose (Art. 21 GDPR).

What do we analyse and process concretely?

  • Results of our marketing campaigns to assess their efficiency and relevance;
  • we analyse the potential demand for our products and services.


5.4.3 Measures for the Purpose of your Security

We use your personal data in the following cases, among others:

  • We analyse your data to protect you or your company against fraudulent activities. This can happen e.g. if you have become a victim of identity theft or unauthorised persons have gained access to your user account through other means;
  • to improve the reliability of our web applications, our IT support works closely with you in case of technical problems. In relation to this, we also evaluate logging of page call-ups, actions carried out etc.;
  • to be able to ensure IT security;


5.4.4 Proof in case of possible legal disputes

We also use your personal data to be able to assess and prove facts in the event of possible legal disputes.

6 Where we transmit data to and why

6.1 Data Usage within the Pfeifergroup

Within the Pfeifergroup, access to your personal data is only granted to staff who need it to fulfil our contractual or legal obligations or to uphold our legitimate interests. For this reason, we have taken corresponding measures to ensure compliance with data privacy within the Pfeifergroup:

we have concluded respective contracts with the individual subsidiaries that ensure that personal data that is exchanged within the corporation is always protected.

In accordance with these agreements and the applicable data privacy law, we only transmit personal data to our production and sales subsidiaries for the purposes stated in this data privacy statement. We support our subsidiaries both operatively and in complying with the technical and organisational measures that we also apply at the parent company (Pfeifer Holding GmbH) to ensure the safety of your personal data. If possible, we protect your data through pseudonymisation or anonymisation measures. If subsidiaries are located outside of the EEA, we ensure through appropriate measures that the personal data processed there is protected equally to within the EEA.

6.2 Data Usage outside of the Pfeifergroup

We pay attention to protecting your personal data and only pass on information about you if legal regulations make it mandatory, you have consented or it is necessary to fulfil contractual obligations.

For example, for the following recipients there may be a legal obligation to pass on your personal data:

  • public offices or supervisory authorities, e.g. tax authorities, customs authorities;
  • legal and law enforcement authorities, e.g. police, courts, public prosecution department;
  • solicitors or notaries, e.g. in legal disputes;
  • auditors.


In order to fulfil our contractual obligations, we cooperate with other companies. These include:

  • transport service providers and forwarding companies;
  • event organisers and training providers if you have registered for certain trade fairs or events through us;
  • banks and financial service providers for the handling of all financial matters.


Own service providers
To be able to operate efficiently, we make use of the services of the following external providers, who may receive your personal data in order to fulfil the described purposes:

Categories of recipientMain object of the assignmentType of data received
IT service providers
Communication and support, website improvementsUsage data, communication data, technical data
Advertising agencyDevelopment and implementation of marketing strategiesContact details, demographic data, usage data
PrinterPrinting and mailing marketing materials, invoices or contract documentsContact details, order details, contract details
ForwarderLogistics and dispatch of goods or documentsContact details, order details, delivery addresses
ConsultancyAdvice for optimising business processes, sales supportContact details, contract details, company data

To ensure that the same data privacy standards as we apply are complied with by the service providers, we have concluded appropriate order processing contracts.

For service providers with their head office outside of the European Economic Area (EEA), we take special security measures (e.g. through the use of special contract clauses) to ensure that the data is handled with the same degree of care as in the EEA. We regularly check all our service providers for compliance with our instructions.

7 Erasure deadlines

In accordance with the applicable data privacy regulations, we do not store your personal data for longer than we need it for the purposes of the processing in question. If the data is no longer needed to fulfil contractual or legal obligations, we erase it regularly unless a further term of storage remains necessary. The following reasons may necessitate further retention:

  • Retention obligations under commercial and tax law must be complied with: The retention periods according to the regulations of the Commercial Code and Tax Code are up to 10 years.
  • For receiving proof in the case of legal disputes regarding legal regulations for statutes of limitation: Statutes of limitations can be up to 30 years in civil law, whereby the regular statute of limitations expires after three years.

8 Your rights

You have certain rights regarding the processing of your personal data. Further details are stated in the respective regulations of the GDPR (in Articles 15 to 21).

8.1 Right to Information and Rectification

You have the right to receive information from us about which of your personal data we are processing. If this information is not or no longer correct, you can request rectification of the data or additions in case of incompleteness. If we have passed your data on to third parties, we inform the respective third parties of the applicable legal situation.

8.2 Right to Erasure

Under the following circumstances, you can demand the immediate erasure of your personal data:

  • if your personal data is no longer needed for the purposes for which it was collected;
  • if you have withdrawn your consent and there is no other legal basis for processing the data;
  • if you object to the processing and there are no overriding legitimate grounds for processing the data;
  • if your data is processed unlawfully;
  • if your personal data must be erased to fulfil legal obligations.

 

Please note that before erasing your data we must check that there is no legitimate reason for processing your personal data.

8.3 Right to Restriction of Processing ("Right to block")

For one of the following reasons, you can demand from us the restriction of the processing of your personal data:

  • If you dispute the correctness of the data, until we have had the opportunity to verify the correctness of the data;
  • If the data is unlawfully processed, but you only request the restriction of the use of the personal data instead of erasure;
  • If we no longer need the personal data for the purposes of the processing but you still need it for the assertion, enforcement or defence of legal claims;
  • If you have objected to the processing and it has still not been established whether your legitimate interests take precedence over ours.

 

8.4 Right of Objection

8.4.1 Right of Objection in an individual Case

If the processing is in the public interest or on the basis of a balancing of interests, you have the right to object to the processing for reasons pertaining to your particular situation. Following an objection, we will no longer process your data unless we can prove mandatory grounds for processing your data that outweigh your interests, rights and freedoms, or because your personal data serves to make, exert or defend legal claims. The objection does not nullify the legitimacy of the processing already carried out up until the objection.

8.4.2 Objection to Advertising

In cases in which your personal data is used for advertising campaigns, you can object at any time to this form of processing. We will then no longer process your personal data for these purposes.

The objection does not require a specific form and should be addressed to the e-mail address datenschutz@pfeifergroup.com

8.5 Right to Data Portability

You have the right on request to receive personal data that you have given to us for processing in a transferable and machine-readable format.

8.6 Right of Complaint to the Supervisory Authority

We always try to process your enquiries and claims as quickly as possible to ensure your rights accordingly. However, depending on the volume of enquiries, it may take up to 30 days before we can provide further information in your case. If it should take longer, we will inform you duly about the reasons for the delay and discuss the further procedure with you.

In some cases, we may not or cannot provide you with any information. Insofar as legally permissible, we will notify you of the reason for declining information.

If you are still not satisfied with our answers and responses or believe that we are in contravention of applicable data privacy laws, you are entitled to lodge a complaint to our Data Protection Coordinator (datenschutz@pfeifergroup.com) or (if available) the Data Privacy Officer (pfeifergroup@2b-advice.com) as well as to a supervisory authority.

The supervisory authority responsible for us is:

Responsible Authority for the Companies

  • Pfeifer Holz GmbH
  • Pfeifer Timber GmbH
  • Euroblock Verpackungsholz GmbH


Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Postfach 606, D-91511 Ansbach
Promenade 27 (Schloss), D-91522 Ansbach

Responsible Authority for the Companies

  • Pfeifer Holz Lauterbach GmbH
  • Pfeifer Holz Schlitz GmbH & Co KG


Der Hessische Datenschutzbeauftragte

Gustav-Stresemann-Ring 1, D-65189 Wiesbaden
Postfach 31 63, 65021 D-Wiesbaden

Responsible Authority for the Companies

  • Pfeifer Holding GmbH (Konzernmutter)
  • Pfeifer Holz GmbH & Co KG

Österreichische Datenschutzbehörde
Wickenburggasse 8
A-1080 Wien

Responsible Authority for Pfeifer Holz s.r.o.

The Office for Personal Data Protection
Pplk. Sochora 27
170 00 Praha 7
Czech Republic

RESPONSIBLE AUTHORITY for Pölkky Oy

Office of the Data Protection Ombudsman
PL 800
00531 Helsinki
Finland

https://tietosuoja.flyhteystiedot