Passion for Timber


Pfeifer Holding GmbH

Data privacy statement

Valid from: April 2022


Regardless of whether you are a customer, interested party, applicant or visitor to our website: We, Pfeifer Holding GmbH (hereinafter: “Pfeifergroup”, “we”) take the protection of your personal data very seriously. But what does this mean specifically?

In the following, we provide you with an overview of what personal data of yours we collect and in what form we process it. Furthermore, you gain an overview of the rights to which you are entitled according to the applicable data privacy law. In addition, we state your contact person in case you have any further questions.


The Pfeifergroup is among the leading companies in the European timber industry. We practice our philosophy at eight locations in Austria, Germany and the Czech Republic: Passion for timber – dedication to working with coniferous wood.

As the controller as defined by the applicable data privacy laws, we,

Pfeifer Holding GmbH
Fabrikstraße 54
A-6460 Imst
Telephone: +43 5412 6960 - 351

take all the measures required by the applicable data privacy law to ensure the protection of your personal data. For all questions regarding this data privacy statement, we kindly request that you contact our data privacy coordinator at


The following companies of the Pfeifergroup in Germany have a data privacy officer who can be contacted in case of any questions about the data processing of these companies, at the following details.

Data privacy officer contact details
Dr. Laurent Dechâtre
2B Advice GmbH
Joseph-Schumpeter-Allee 25
D-53227 Bonn
Telephone: +49 228 926165 - 120

Pfeifer Holz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Pfeifer Holz Lauterbach GmbH
Am Hällstein 1
D-36341 Lauterbach

Pfeifer Holz Schlitz GmbH & Co KG
Bahnhofstraße 63
D-36110 Schlitz

Pfeifer Timber GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Euroblock Verpackungsholz GmbH
Mühlenstraße 7
D-86556 Unterbernbach


It is possible to contact the data privacy coordinator for the companies listed below with their head office in Austria and the Czech Republic at the e-mail address

Pfeifer Holding GmbH (parent company)
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz GmbH & Co KG
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz s.r.o.
Chanovice 102
CZ-34101 Horažďovice


Processing of personal data is understood by the law as activities such as the collecting, compiling, organisation, ordering, storing, modification or change, reading, accessing, use, disclosure through transmission, spreading or other form of provision, comparison or association, restricting, erasure or destruction of personal data.

Personal data is all information that relates to an identified or identified natural person.

This data privacy statement is about the personal data of customers, interested parties, applicants or visitors.

This data privacy statement applies to our websites,,, and


We record your personal data if you enter into contact with us e.g. as an interested party or customer. This can come about, for example, if you are interested in our products, register for our online services, contact us through our communication channels, or use our products or services over the course of an existing business relationship.

We process the following types of personal data:

  • Details for personal identification 
    e.g. first name and surname, address details, e-mail address, telephone number, fax number
  • Order details
    e.g. customer number, order number, invoice details

  • Company-related details
    e.g. corporate name, department, position
  • Details about your online behaviour
    e.g. IP addresses, user name, details about your visits to our website, actions carried out on our websites and the access location

  • Information about your interests and wishes that you inform us of
    e.g. through our contact form or through other communication channels

  • Information about your professional history
    e.g. training, previous employers, other qualifications

as well as other information comparable with these data categories.


Sensitive data, especially categories of personal data as defined by Art. 9 par. 1 GDPR such as information about religious or trade union affiliation, is not collected in this manner.


Personal data pertaining to children or minors is only collected if they register in the career portal or use or communication channels.



Cookies are files that are deposited by our website or by the customer portals on your computer while you are accessing the site. These files store information that make the use of this page more efficient. The following cookies are used on the homepages of the Pfeifergroup. WEBSITE PFEIFERGROUP.COM


This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are deposited on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there. In case of the activation of IP anonymisation on this website, your IP address is abbreviated beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

It is only in exceptional cases that the full IP address is transmitted to a Google server in the USA and abbreviated there. Upon instruction of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide further services to the website operator associated with website and Internet use. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. You can find further information about the handling of user data by Google Analytics in the Google data privacy statement:

You can prevent the depositing of cookies through an appropriate setting of your browser software; however, we would like to point out that in this case you may not be able to use the full scope of functions of this website.

Furthermore, you can prevent the collection of the data generated by the cookie and relating to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link:

Every user who does not agree to the storing and evaluation of their anonymised user data about their visit to our website can object to this storage and usage at any time. An anonymised use of the customer portal is not possible.

1.4.3 MATOMO

Our website uses functions of the web analysis services Google Analytics and Matomo. The provider of Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Matomo operates on servers of Cookis GmbH, 6460 Imst, Franz Xaver Rennstraße 4 (Bakehouse customers). Cookies are used for this that enable the analysis of the use of the website by its users. The generated information is transmitted to the server of the respective provider and stored there.

You can prevent this by setting up your browse so that no cookies are stored there. Your IP address is recorded but then immediately pseudonymised by erasing the last eight bit. This means that only rough localisation is still possible.

The data processing is on the basis of the legal provisions of § 96 par. 3 TKG (Telecommunications Act), as well as Art. 6 par. 1 line a (consent) of the GDPR.

As the privacy of our users is important to us, the user data is pseudonymised.

1.4.4 HOTJAR

This website uses Hotjar, a web analysis tool. It makes anonymous recordings of interactions of randomly selected, individual visitors to the Internet site. This results in a logging of e.g. mouse movements and clicks, with the aim of showing potential for improvement of the respective Internet page. In addition, information about the operating system, browser, incoming and outgoing links, geographical origin, as well as the resolution and type of device is evaluated for statistical purposes. This information is not personally attributable and is not passed on to third parties by Hotjar.

If you do not wish data processing by Hotjar, you can deactivate the use of cookies in your web browser settings and delete already active cookies.

Through the use of the header “Do not track”, you can decline the collection of your data by Hotjar at any time when visiting a Hotjar website. You can find out how this works through click here.

You can find out more about data processing by Hotjar here.


Within our online offer, the so-called “Facebook Pixel” of the social network Facebook is used, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Irland (“Facebook“).

If a user clicks on an advertisement we have placed that is displayed on Facebook, an add-on is added to the URL of our linked website through Facebook Pixel. If our page allows the sharing of data with Facebook through Pixel, this URL parameter is entered into the browser of the user via a cookie that our linked page places itself. This cookie is then read by Facebook Pixel and allows the data to be passed on to Facebook.

With the help of the Facebook Pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook Ads”). We use the Facebook Pixel accordingly to show the Facebook ads we have placed only to those Facebook users who have shown an interest in our online offer or who have certain traits (e.g. interests in certain themes or products determined by the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not bothersome. This allows us to continue evaluating the effectiveness of the Facebook advertisements for statistical and market research purposes, by tracking whether users were forwarded to our website after clicking on a Facebook advertisement (so-called “conversion”).

The collected data is anonymous for us and so we cannot determine the identity of the users. However, the data is stored and processed by Facebook, so that a link to the respective user profile is possible and Facebook can use the data for their own advertising purposes, in accordance with the Facebook data usage guideline ( The data can allow Facebook and their partners to place advertisements on and outside of Facebook.

At you can decline the placement of advertisements by Facebook and their partners and revise settings.

The data processing associated with the use of the Facebook Pixel is on the basis of your consent to the evaluation, optimisation and economic operation of our online offer and our advertising measures.

The information generated by Facebook is as a rule conveyed to a Facebook server and stored there, with a possible transmission to the servers of Facebook Inc. in the USA. Therefore, the EU standard contract clauses were concluded with Facebook Inc. based in the USA that ensure compliance with the data protection standards applicable in the EU.


The LinkedIn Insight Tag is a small JavaScript code excerpt that you can add to your website to enable detailed campaign reports and gain valuable information about the visitors to your website. As a customer of LinkedIn Marketing Solutions, you can use the LinkedIn Insight Tag to track conversions, carry out retargeting of your website visitors and gain additional information about the members who look at your advertisements.

The LinkedIn Insight Tag enables the collection of data about visits to your website, including ZRL, referrer URL, IP address, device and browser properties (user agent), as well as time stamp. The IP addresses are shortened or (if they are used to reach members across different devices) hashed. The direct identifiers of the members are removed within seven days to pseudonymise the data. The remaining pseudonymised data is then erased within 180 days.

LinkedIn does not share any personal data with the owner of the website but only offers reports (in which you are not identified) about the website target group and campaign success. LinkedIn also offers a retargeting for website visitors, so that the owner of the website can display targeted advertising outside of their website with the help of this data without the member being identified. We also use data that does not identify you to improve the relevance of advertisements and to reach members across different devices. Members of LinkedIn can control the use of their personal data for advertising purposes through their account settings.


This website uses the Google Tag Manager. Google Tag Manager is a solution with which marketers can manage website tags through an interface. The tool itself (that implements the tags) is a domain without cookies and does not store any personal data. The tool ensures the triggering of other tags that may collect data on their part. Google Tag Manager does not access this data. If a deactivation was carried out on a domain or cookie level, this continues to apply to all tracking tags that are implemented with Google Tag Manager.

Recipient: Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contract clauses were concluded with this service provider as suitable guarantees in accordance with Art. 46 GDPR. Further information about this is available here:

The legal basis is your consent to this data processing.

1.4.8 Bakehouse

This website uses Bakehouse CMS. Bakehouse CMS is a tool for cookie management and the management of consent or user settings. The cookie manager scans for new cookies at regular intervals and lists them in an upstream warning. It is an all-in or nothing solution. Users can decide whether tracking is allowed or not.

1.4.9 YouTube

Unsere Webseite nutzt Plugins der von Google betriebenen Seite YouTube. Betreiber der Seiten ist die YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Wenn Sie eine unserer mit einem YouTube-Plugin ausgestatteten Seiten besuchen, wird eine Verbindung zu den Servern von YouTube hergestellt. Dabei wird dem Youtube-Server mitgeteilt, welche unserer Seiten Sie besucht haben.

Wenn Sie in Ihrem YouTube-Account eingeloggt sind ermöglichen Sie YouTube, Ihr Surfverhalten direkt Ihrem persönlichen Profil zuzuordnen. Dies können Sie verhindern, indem Sie sich aus Ihrem YouTube-Account ausloggen.
Weitere Informationen zum Umgang von Nutzerdaten finden Sie in der Datenschutzerklärung von YouTube unter


Contact information is stored in a structured manner through the website (contact forms) or through direct contact with sales staff. All enquiries received through the website are checked in accordance with data privacy (double opt-in procedure).

On the one hand, this information is used in newsletter campaigns. Depending on the contact interest, customer segments are generated and specific online marketing materials are displayed to them. For each of these e-mails, an opt-out link is provided. This leads to a contact profile in which the contact can define their communication preferences. The success of the newsletter campaigns is measured by means of click rates.

On the other hand, Dynamics 365 is used to assign data from contact enquiries through the website to a responsible salesperson. The latter is then able to view this data via an app and make contact with the interested party.

The salesperson can also save trade fair contact directly in this app to ensure a structured follow-up.



If you have consented to the processing of your personal data for one or more specific purposes, the processing of your data by us is permissible (Art. 6 par. 1 line a GDPR). You can withdraw this consent at any time in relation to the future (Art. 7 par. 3 GDPR), without incurring for yourself other than the transmission costs according to the basic tariffs (costs of your Internet connection). The withdrawal of your consent does not affect the legitimacy of processing that took place up until the revocation. NEWSLETTER

You have the possibility to subscribe to our newsletter through our website. To do so, we need your e-mail address and your declaration that you agree to receiving the newsletter. To provide you with targeted information, we also collect and process voluntarily given details such as browser language and name.

As soon as you have subscribed to the newsletter, we send you a confirmation e-mail with a link to confirm the registration.

You can cancel the newsletter subscription at any time. Please send your cancellation to the following e-mail address. We then erase your data immediately in relation to the newsletter mailing.


We process your data to be able to fulfil our contracts (according to Art. 6 par. 1 line b GDPR). This also applies to details that you provide us with as part of precontractual correspondence. This includes contacting you for the purpose of applying for a job we have advertised. The concrete purposes of the data processing depend on the respective product and the request made and can also be used to analyse your requirements and evaluate which products and services are suitable for you. To carry out the contractual relationship (precontractual measures and concluding the purchase contract), we need your name, your address, your telephone number and e-mail address so that we can contact you. OFFERING GOODS AND SERVICES

We also need your personal data to evaluate whether and which products and services we can and may offer you (precontractual measures for putting together an offer).

You can view details of the respective purposes of the data processing in the contract documents and our General Terms and Conditions, as well as this data privacy statement. CONTACT FOR APPLICATION VIA WHATSAPP-BUSINESS

We process your data that you disclose to us when contacting us for the purpose of applying for an advertised position. For job advertisements, we provide a telephone number in the job profile where applicants can contact us via WhatsApp to make initial contact and possibly arrange an appointment for an interview. For this purpose, we use the messaging service WhatsApp-Business of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When using WhatsApp-Business, we process your private telephone number, your profile picture and your first and last name. Your data will only ever be used for the purpose of your application. It will not be passed on to third parties. Subject to the legal retention period, your contact data and chat history will be deleted after the application process has been completed.

Please note that WhatsApp-Business generally obtains access to the address books of the mobile devices used by the users if they agree to the synchronisation of their address books. In order to ensure the security of your data and to protect it from being transferred to the parent company Meta Platforms Inc. in the USA, we have not consented to the address book synchronisation on the end devices used by us and for WhatsApp-Business.

Your data will therefore not be transferred to third parties. Please note that for this reason only you can make initial contact with us.

For the purpose and scope of the data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, please refer to the WhatsApp data protection information: CARRYING OUT THE APPLICATION PROCEDURE

We process your data that you have sent to us as part of your application, to check whether your subject qualifications are suitable for the advertised position. We only use your information for the application procedure and keep it in your personnel file when concluding a contract. If no appointment is made, your information is erased or destroyed, unless you give your consent to it being stored in the applicant database. We will not use your applicant information for any other purpose than for carrying out the application procedure.


As a company, we are subject to a range of legal regulations. To meet our legal obligations, we process your personal data insofar as is necessary according to Art. 6 par.1 line c GDPR.


Your requirements are important to us and we try to provide you with information about products and services that are precisely tailored to you. To do so, we use the knowledge gained from our joint business relationship as well as from our market research and process your personal data for this purpose on the basis of our legitimate interest (Art. 6 par. 1 line f GDPR). The key aim of this is to adapt our product suggestions to your requirements. With regard to this, we guarantee that we always process the data in accordance with the applicable data privacy law. Important: You can object at any time to the use of your personal data for this purpose (Art. 21 GDPR).

What do we analyse and process concretely?

  • Results of our marketing campaigns to assess their efficiency and relevance;
  • information regarding your visits to our website;
  • we analyse the potential demand for our products and services. MEASURES FOR YOUR SAFETY

We use your personal data in the following cases, among others:

  • We analyse your data to protect you or your company against fraudulent activities. This can happen e.g. if you have become a victim of identity theft or unauthorised persons have gained access to your user account through other means;
  • to improve the reliability of our web applications, our IT support works closely with you in case of technical problems. In relation to this, we also evaluate logging of page call-ups, actions carried out etc.;
  • to be able to ensure IT security;
  • in case of possible legal disputes to be able to assess and verify issues.



Within the Pfeifergroup, access to your personal data is only granted to staff who need it to fulfil our contractual or legal obligations or to uphold our legitimate interests. For this reason, we have taken corresponding measures to ensure compliance with data privacy within the Pfeifergroup:

we have concluded respective contracts with the individual subsidiaries that ensure that personal data that is exchanged within the corporation is always protected.

In accordance with these agreements and the applicable data privacy law, we only transmit personal data to our production and sales subsidiaries for the purposes stated in this data privacy statement. We support our subsidiaries both operatively and in complying with the technical and organisational measures that we also apply at the parent company (Pfeifer Holding GmbH) to ensure the safety of your personal data. If possible, we protect your data through pseudonymisation or anonymisation measures. If subsidiaries are located outside of the EEA, we ensure through appropriate measures that the personal data processed there is protected equally to within the EEA.


We pay attention to protecting your personal data and only pass on information about you if legal regulations make it mandatory, you have consented or it is necessary to fulfil contractual obligations.

For the following recipients, for example, there may be a legal obligation to pass on you personal data:

  • public offices or supervisory authorities, e.g. tax offices, customs authorities;
  • judicial and law enforcement authorities, e.g. police, courts, department of public prosecution;
  • solicitors or notaries, e.g. for legal disputes;
  • auditors.

In order to fulfil our contractual obligations, we cooperate with other companies. These include:

  • transport services and hauliers;
  • events organisers and training service providers, if you have registered through us for certain trade fairs or events;
  • banks and financial services providers for processing financial matters.

Own service providers
To be able to run our business efficiently, we make use of the services of external providers who may receive your personal data to fulfil the purposes described, including IT service providers, printing and telecommunications service providers, collection agencies, consulting or marketing companies.

Important: We take great care of your personal data!

To ensure that the service providers comply with the same data privacy standards as our company, we have concluded corresponding agreements for order processing. These agreements regulate, for example:

  • that third parties are only granted access to the data that they need to complete the tasks assigned to them;
  • that at the service providers it is only staff that have explicitly been obliged to comply with the data privacy regulations that receive access to your data;
  • that technical and organisational measures are adhered to by the service providers that ensure data security and data privacy;
  • what happens to the data when the business relationship between us and the service provider is terminated.

For service providers with their head office outside of the European Economic Area (EEA), we take special security measures (e.g. through the use of special contract clauses) to ensure that the data is handled with the same degree of care as in the EEA. We check all our service providers regularly with regard to compliance with our instructions.

Very important: In no case do we sell your personal data to third parties!


In the context of the business relationship between you and Pfeifergroup, we need from you the following categories of personal data:

  • all the necessary data for establishing and carrying out a business relationship;
  • data that is needed to fulfil contractual obligations;
  • data that we are legally obliged to collect.

Without this data, it is not possible for us to enter into or fulfil contracts with you.


In accordance with the applicable data privacy regulations, we do not store your personal data for longer than we need it for the purposes of the processing in question. If the data is no longer needed to fulfil contractual or legal obligations, we erase it regularly unless a further term of storage remains necessary. The following reasons may necessitate further retention:

  • Commercial or tax law obligations must be complied with: The retention periods according to the regulations of the Commercial Code and Tax Code are up to 10 years.
  • To retain proof in case of legal disputes as part of legal statute of limitations regulations: Statutes of limitations can be up to 30 years in civil law, whereby the regular statute of limitations expires after three years.


You have certain rights regarding the processing of your personal data. Further details are stated in the respective regulations of the GDPR (in Articles 15 to 21).


You have the right to receive information from us about which of your personal data we are processing. If this information is not or no longer correct, you can request rectification of the data or additions in case of incompleteness. If we have passed your data on to third parties, we inform the respective third parties of the applicable legal situation.


Under the following circumstances, you can demand the immediate erasure of your personal data:

  • if your personal data is no longer needed for the purposes for which it was collected;
  • if you have withdrawn your consent and there is no other legal basis for processing the data;
  • if you object to the processing and there are no overriding legitimate grounds for processing the data;
  • if your data is processed unlawfully;
  • if your personal data must be erased to fulfil legal obligations.

Please note that before erasing your data we must check that there is no legitimate reason for processing your personal data.


For one of the following reasons, you can demand from us the restriction of the processing of your personal data:

  • If you dispute the correctness of the data, until we have had the opportunity to verify the correctness of the data;
  • If the data is unlawfully processed, but you only request the restriction of the use of the personal data instead of erasure;
  • If we no longer need the personal data for the purposes of the processing but you still need it for the assertion, enforcement or defence of legal claims;
  • If you have objected to the processing and it has still not been established whether your legitimate interests take precedence over ours.


If the processing is in the public interest or on the basis of a balancing of interests, you have the right to object to the processing for reasons pertaining to your particular situation. If an objection has been raised, we will no longer process your personal data, unless we can prove mandatory grounds for the processing of your data worthy of protection that take precedence over your interests, rights and freedoms, or unless your personal data serves the assertion, enforcement or defence of legal claims. The objection does not nullify the legitimacy of the processing already carried out up until the objection. OBJECTION TO ADVERTISING

In cases in which your personal data is used for advertising campaigns, you can object at any time against this form of processing. We will then no longer process your personal data for these purposes. The objection does not require a specific form and should be addressed to the e-mail address


You have the right on request to receive personal data that you have given to us for processing in a transferable and machine-readable format.


We always try to process your enquiries and claims as quickly as possible to ensure your rights accordingly. However, depending on the volume of enquiries, it may take up to 30 days before we can provide further information in your case. If it should take longer, we will inform you duly about the reasons for the delay and discuss the further procedure with you.

In some cases we may not or cannot provide you with any information. Insofar as legally permissible, we will notify you of the reason for declining information.

If you are still not satisfied with our answers and responses or are of the opinion that we are contravening the applicable data privacy law, you are entitled to lodge a complaint to our data privacy coordinator ( or (if available) the data privacy officer ( as well as to the responsible supervisory authority. The supervisory authority responsible for us is:

RESPONSIBLE AUTHORITY for the companies Pfeifer Holz GmbH, Pfeifer Timber GmbH, Euroblock Verpackungsholz GmbH:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA - Bavarian State Office for Data Privacy Supervision)
P.O. Box 606, D-91511 Ansbach
Promenade 27 (Schloss), D-91522 Ansbach

RESPONSIBLE AUTHORITY for the companies Pfeifer Holz Lauterbach GmbH and Pfeifer Holz Schlitz GmbH & Co KG:
Der Hessische Datenschutzbeauftragte (Data Privacy Officer for Hessen)
Gustav-Stresemann-Ring 1, D-65189 Wiesbaden
P.O. Box 31 63, 65021 D-Wiesbaden

RESPONSIBLE AUTHORITY for the companies Pfeifer Holding GmbH (parent company) and Pfeifer Holz GmbH & Co KG:
Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Wickenburggasse 8
A-1080 Vienna

RESPONSIBLE AUTHORITY for Pfeifer Holz s.r.o.
The Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Czech Republic


Status of the data privacy statement: April 2022.