Passion for Timber



Data Protection Statement

Valid from: May 2018

1.1.1 Introduction

Regardless of whether you are a customer, prospective customer, applicant or visitor to our website: We, Pfeifer Holding GmbH (hereinafter: "Pfeifergroup", "we") take the protection of your personal data very important. But, what does this mean in concrete terms?

Below we provide you with an insight into what personal data we collect from you and in what form we process it. Furthermore, you will receive an overview of the rights you are entitled to according to the applicable data protection law. In addition, should you have any questions, we will provide you with a contact person. Who Are We?

Pfeifergroup is a leading company in the European wood industry. In our eight facilities in Austria, Germany and the Czech Republic we practice our philosophy. Passion for timber – Passion for our work with conifer wood.

Within the meaning of the applicable data protection laws, as Controller,

Pfeifer Holding GmbH
Fabrikstraße 54
A-6460 Imst
Telefon: 004354126960358

we take all measures required by applicable data protection laws to ensure the protection of your personal data. If you have any questions regarding this data protection statement, please contact our Data Privacy Coordinator.

Data protection officer for companies listed below based in Germany is: Lars Holdorf, 2B Advice GmbH, Joseph Schumpeter Allee 25, D-53227 Bonn,; Phone: +49 (228) 926165 120

Pfeifer Holz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Pfeifer Holz Lauterbach GmbH
Am Hällstein 1
D-36341 Lauterbach

Pfeifer Holz Schlitz GmbH & Co KG
Bahnhofstraße 63
D-36110 Schlitz

Pfeifer Timber GmbH
Mühlenstraße 7
D-86556 Unterbernbach

Euroblock Verpackungsholz GmbH
Mühlenstraße 7
D-86556 Unterbernbach

A contact to the Data Protection Coordinator for the companies listed below, based in Austria and the Czech Republic, is available at the following e-mail address:

Pfeifer Holding GmbH (parent company)
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz GmbH & Co KG
Fabrikstraße 54
A-6460 Imst

Pfeifer Holz s.r.o.
Chanovice 102
CZ-34101 Horažďovice

1.1.2 Scope Of The Data Protection Declaration

With the processing of personal data the legislator means activities such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Personal data is all the information that relates to an identified or identifiable natural person.

This data protection statement concerns the personal data of customers, interested parties, applicants or visitors.

This data protection statement applies to our websites.

1.1.3 Which Personal Data Do We Process?

When you contact us e.g. as an interested party or customer, we collect your personal data. This may happen, for example, if you are interested in our products, register for our online services, contact us via our communication channels or if you use our products or services in the context of existing business relationships.

We process the following types of personal data:

  • personal identifiable information (PII)
    e.g. first and last name, address data, e-mail address, telephone number, fax number

  • Contracts′ data
    e.g. customer number, order number, invoice data

  • Company-related data
    e.g. company name, department, activity

  • Data on your behaviour online
    e.g. IP addresses, user names, data on your visits to our website, actions carried out on our websites and place of access

  • Information about your interests and wishes, which you communicate to us
    e.g. via our contact form or other communication channels

  • Information about your professional career
    e.g. vocational training, previous employers, other qualifications

and other information comparable to these categories of data. Sensitive Data

Sensitive data and special categories of personal data such as information on religious or trade union membership, are not collected in this way. Personal Data Of Minors

Personal data of children or minors are collected only if they create a customer account with us, register in the career portal, use our communication channels. Use Of Cookies What Are Cookies?

Cookies are files that are placed on your computer by our website or customer portals when you visit the site. These files store information that makes your use of this site more efficient.

This web site uses Google Analytics, a web analysis service of Google Inc. („Google“). Google Analytics uses the so called „Cookies“, text files that are saved on your computer and allow the analysis of the web site use by you. Information produced with cookies through your use of this web site, in general are sent to a Google server in the USA and are saved there. In case of activation of the IP anonymisation on this web site, the IP address is previously shortened by Google within Member States of the European Union or in other contracting member states of the European Economic Area. Just in exceptional cases the entire IP address is sent to a Google server in the USA and is shortened there. On behalf of the provider of this web site, Google will use this information to evaluate your use of the web site, to create reports about the web site activities and to supply further services that are linked with the web site use and internet use to the web site provider. The IP address sent by your browser in the framework of Google Analytics will not be linked to other Google data. You can prevent the saving of cookies with the corresponding setting of your browser software; however, we inform you also of the fact that in this case you will not be able to use completely all the functions of this web site. Furthermore, you can prevent the collection of data produced by cookies and related to your use of the web site (including your IP address) to Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link: Link

Any user who does not agree to the storage and analysis of his anonymized user data when visiting our website can object to this storage and use at any time. An anonymous use of the customer portals is not possible.

Our web site uses Piwik, which is a so called web analysis service. Piwik uses the so called „Cookies“, text files that are saved on your computer and allow the analysis of the web site use by you. To this aim, use information created through cookies (including your shortened IP address) are sent to our server and are saved there for use analyse purposes in order to improve the web site on our side. Your IP address is immediately anonymised in this process, so that you as user remain anonymous to us. Information created with the cookie about your web site use are not forwarded to third parties. You can prevent the use of cookies with the corresponding setting of your browser software; however, it can happen that in this case you will not be able to use completely all the functions of this web site.

This web site uses Hotjar, a web analysis tool. It stores interactions of randomly selected single anonymous users of the internet site. A protocol related, for example, to mouse movements and clicks is created in order to show improvement possibilities of the single internet page. Furthermore, information about the operating system, browser, inbound and outbound references (links), geographic origin, resolution and type of device are analysed to statistical purposes. These information are not personal and are not forwarded by Hotjar to third parties.

If you do not want that data are processed by Hotjar, you can deactivate the use of cookies in the settings of your web browser and delete already existing cookies. By using the header „Do not follow“ („Do Not Track“) you can reject at any moment the collection of your data by Hotjar when you visit a Hotjar Web site. To learn how this happens, click here. More infos about the data processing by Hotjar are available here.

1.1.4 What Do We Process Your Personal Data For - And On What Legal Basis? Performance Of The Contract

We process your data in order to fulfil our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purposes of the data processing depend on the respective product and the submitted request and can also be used to analyse your needs and to check which products and services are suitable for you. Performance Of The Contractual Relationship

For the execution of the contractual relationship we need your name, your address, your telephone number or your e-mail address so that we can contact you. Offering Goods And Services

We also need your personal data to be able to check whether and which products and services we can and may offer you.

Details on the respective purposes of data processing can be found in the contractual documents and our General Terms and Conditions of Business. Carrying Out The Application Process

We process your data that you have sent us as part of your application to check whether your professional qualifications are suitable for the advertised position. We only use your information for the application process and transfer it to your personnel file when a contract is concluded. If no agreement is reached, your information will be deleted or destroyed. We will not use your application information for any other purpose than to conduct the application process. Balancing Interests: We Improve Our Services And Offer You Suitable Products Data Processing And Analysis For Marketing Purposes

Your needs are important to us and we try to provide you with information about products and services that exactly suit you. For this purpose, we use the findings of our joint business relationship and market research. Our main goal is to adapt our product proposals to your needs. In this context, we guarantee that we always process the data in accordance with applicable data protection law. Important: You can object to the use of your personal data for this purpose at any time.

What exactly do we analyse and process?

  • Results of our marketing activities to measure the efficiency and relevance of our campaigns;
  • Information from your visits to our website;
  • We analyse the possible needs of our products and services. Newsletter

If you would like to receive this newsletter, we need your email address and additional information that will allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.

We use a double opt-in procedure so your contacts receive only the emails they've agreed to get. In order for a potential subscriber to sign up for a newsletter, they have to complete all the steps of this process. This process is complete (and legally watertight!) once a user has clicked on the confirmation link in the double opt-in email. Their email address will be activated in your contact list only once they've confirmed their subscription.

We use this data exclusively for sending information and offers you have requested.

Newsletter2Go is the email marketing software used. This means your information is transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and from using it for purposes other than sending email. Newsletter2Go is a certified German email marketing software provider, working in accordance with the European directive 95/46, as well as the German Federal Data Protection Act (BDSG).

More Info:

When you give a company permission to store your personal information and email address and to send you marketing emails, you can revoke this consent at any time via the unsubscribe link in every mailing.

Data protection measures are always subject to technical innovations. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection policy. Measures To Serve Your Protection

Among others, we use your personal data in the following cases:

  • We analyse your data to protect you or your company from fraudulent activities, This may happen, for example, if you have been the victim of identity theft or if unauthorized people have otherwise gained access to your user account;
  • Our IT support works closely with you in case of technical problems to improve the reliability of our web applications. In this context, we also evaluate logs of page accesses, actions performed, etc;
  • To be able to guarantee IT security;
  • In order to be able to record and prove facts in the event of possible legal disputes. On The Basis Of Your Consent

If you have consented to the processing of your personal data for one or more specific purposes, we may process your data. You can withdraw this consent at any time for the future without incurring any costs other than the transmission costs according to the basic tariffs (costs of your Internet connection). However, the withdrawal of consent does not affect the legality of the processing up to the withdrawal. Due To Legal Requirements Or In The Public Interest

As a company, we are subject to a wide variety of legal requirements (e.g. from tax legislation). In order to comply with our legal obligations, we process your personal data.

1.1.5 Where We Transmit Data And Why Use Of Data Within Pfeifergroup

Within Pfeifergroup only those entities that need your personal information in order to fulfil our contractual or legal obligation or to protect our legitimate interest will have access to them. Use Of Data Outside Pfeifergroup

We respect the protection of your personal data and we pass on information about you only if required by law, if you have given your consent or to fulfil contractual obligations.

For the following recipients, for example, there is a legal obligation to pass on your personal data

  • Public authorities or supervisory authorities, e.g. tax authorities, customs authorities;
  • Judicial and law enforcement authorities, e.g. police, courts, public prosecutors;
  • Lawyers or notaries, e.g. in legal disputes;
  • Chartered Accountant/ Auditors.

In order to fulfil our contractual obligations, we cooperate with other companies. These include:

  • Transport service providers and freight forwarders;
  • Organisers and training service providers, if you have registered through us for certain trade fairs or events;
  • Banks and financial service providers to handle all financial matters.

Our own service providers
In order to make our operations more efficient, we use the services of external service providers who may receive personal data from you for the purposes described, including IT service providers, printing and telecommunications service providers, debt collection, consulting or sales companies.

Important: We pay close attention to your personal data!

In order to ensure that the service providers comply with the same data protection standards as in our company, we have concluded appropriate contracts for order processing. These contracts regulate, among other things:

  • that third parties only have access to the data they need to carry out the tasks assigned to them;
  • that the service providers only grant access to your data to employees who have explicitly committed themselves to comply with data protection regulations;
  • that the service providers comply with technical and organisational measures that guarantee data security and data protection;
  • what happens to the data when the business relationship between the service provider and us is terminated

For service providers based outside the European Economic Area (EEA), we take special security measures (e.g. by using special contractual clauses) to ensure that the data is treated with the same level of caution that is exercised in the EEA. We regularly check all our service providers for compliance with our specifications.

Very important: Under no circumstances do we sell your personal data to third parties! Use Of Data Within The PfeifergroupGroup CONCERN

In order to provide you with the best possible service, we occasionally exchange data within the Group. We guarantee that the applicable data protection regulations are observed and that your personal data is adequately protected at all times.

For this reason, we have taken appropriate measures to ensure compliance with data protection within the Pfeifergroup concern:

We have concluded appropriate contracts with the individual subsidiaries to ensure that personal data shared within the Group remains protected at all times.

In accordance with these contracts and applicable data protection laws, we transfer personal data to our production and sales subsidiaries only for the purposes stated in this data protection statement. In doing so, we support our subsidiaries both in their operations and in their compliance with the technical and organizational measures that we also use at the parent company ( Pfeifer Holding GmbH) to guarantee the security of your personal data. If possible, we protect your data by using pseudonymisation or anonymisation measures. If subsidiaries are located outside the EEA, we take appropriate measures to ensure that the personal data processed there is just as protected as within the EEA.

1.1.6 Are You Obliged To Provide Us With Personal Data?

In the context of the business relationship between you and Pfeifergroup, we require from you the following categories of personal data:

  • all necessary data for the establishment and implementation of a business relationship;
  • data required for the fulfilment of contractual obligations;
  • data that we are legally obliged to collect.

Without these data it is not possible for us to enter into or execute contracts with you.

1.1.7 Deletion Periods

In accordance with the applicable data protection regulations, we do not store your personal data longer than we need for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted by us, unless its temporary storage is still necessary. There may be the following reasons for further storage:

  • Obligations under commercial and tax law to retain data must be observed: The periods for storage, primarily in accordance with the provisions of the Commercial Code and the Fiscal Code, are up to 10 years.
  • To obtain evidence in the event of legal disputes within the framework of statutory limitation periods: in civil law, statutory limitation periods may be up to 30 years, with the regular limitation period occurring after three years.

1.1.8 Your Rights

Within the scope of processing your personal data, you also have certain rights. More detailed information can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21). Right To Information And Correction

You have the right to obtain information from us on which of your personal data we process. If this information is not (no longer) correct, you can ask us to correct the data, or, if it is incomplete, to complete it. If we have passed on your data to third parties, we will inform the relevant third parties in the event of a corresponding legal situation. Right To Deletion

You can request the immediate deletion of your personal data under the following circumstances:

  • When your personal information is no longer needed for the purposes for which it was collected;
  • If you have revoked your consent and there is no other legal basis for data processing;
  • If you object to the processing and there are no overriding legitimate reasons for data processing;
  • If your data is processed unlawfully;
  • If your personal data must be deleted in order to comply with legal obligations.

Please note that before deleting your data we must check whether there is not a legitimate reason for processing your personal data. Right To Restriction Of Processing ("Right To Block")

You may request us to restrict the processing of your personal data for one of the following reasons:

  • If you dispute the accuracy of the data until we have had the opportunity to verify the accuracy of the data;
  • If the data is processed unlawfully, but instead of being deleted, you merely request the restriction of the use of personal data;
  • If we no longer need the personal data for the purposes of processing, but you still need them to assert, exercise or defend in the course of legal claims;
  • If you have filed an objection against the processing and it is not yet clear whether your legitimate interests outweigh ours. Right To Object Right Of Objection In Individual Cases

If the processing is carried out in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons arising from your particular situation. In the event of an objection, we will not process your personal data further, unless we can prove compelling reasons for processing your data, which outweigh your interests, rights and freedoms, or because your personal data serve to assert, exercise or defend legal claims. The objection shall not preclude the legality of the processing carried out up to the time of the objection. Object Against The Use Of Data For Advertising Purposes

In cases where your personal information is used for advertising purposes, you can object to this form of processing at any time. We will no longer process your personal information for these purposes.

The objection can be made form-free and should be addressed to:
E-mail Right To Data Portability

Upon requests, you have the right to receive personal data that you have given us for processing in a transferable and machine-readable format. Right To Lodge A Complaint With A Supervisory Authority (Art. 77 GDPR)

We try to process your requests and claims as quickly as possible in order to protect your rights appropriately. Depending on the frequency of enquiries, however, it may take up to 30 days before we can provide you with further information about your request. If it should take longer, we will inform you promptly of the reasons for the delay and discuss the further process with you.

In some cases we may not or cannot give you any information. If legally permissible, we will inform you of the reason for refusing to disclose the information.

However, should you not be satisfied with our answer and responses or should you be of the opinion that we are violating the current data protection law, you are free to file a compliant with our Data Privacy Coordinator ( as well as the relevant supervisory authority.

The supervisory authority for the companies Pfeifer Holz GmbH, Pfeifer Timber GmbH, Euroblock Verpackungsholz GmbH:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Postfach 606, D-91511 Ansbach
Promenade 27 (Schloss), D-91522 Ansbach

The supervisory authority for the companies Pfeifer Holz Lauterbach GmbH und Pfeifer Holz Schlitz GmbH & Co KG:
Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1, D-65189 Wiesbaden
Postfach 31 63, 65021 D-Wiesbaden

The supervisory authority for the companies Pfeifer Holding GmbH (parent company) und Pfeifer Holz GmbH & Co KG:
Österreichische Datenschutzbehörde
Wickenburggasse 8
A-1080 Wien

The supervisory authority for Pfeifer Holz s.r.o.:
The Office for Personal Data Protection
Pplk. Sochora 27
170 00 Praha 7
Czech Republic

1.2 Version

This Data Protection Statement is valid as of May 2018.