Zollstock block01 419 1 1

Data Privacy Policy

Obligation to provide information when collecting personal data are collected from the data subject.

1. Controller and contact details
The controller is Pickawood GmbH (hereinafter referred to as the controller) and processes the data provided by the data subject (hereinafter referred to as the customer) in accordance with the provisions of the European Data Protection  Regulation (hereinafter referred to as the GDPR). 

The contact details of the controller are as follows:
Address: Rödingsmarkt 20, 20459 Hamburg, Germany
Phone: +49 (0)40 524 77770

Phone number Switzerland (CH) (AT): 04350 80965
Phone number Austria (AT): 07208 81537
Phone number France (FR): +49 (0)40 524 77770
Phone number Great Britain (UK): +49 (0)330 808 4870

Fax: +49 (0)40 228 17034-9
Email: [email protected] 

2. Data protection commissioner
The data protection officer of the data controller is Dr. Martin Bahr.

The contact details of the data protection officer are:
Address: Dr. Bahr Consulting GmbH, Mittelweg 41a, 20148 Hamburg, Germany
Phone: +49 (0)40 555 98300
E-mail: [email protected]

3. Purpose and legal basis
The processing of the customer's personal data is necessary for the fulfilment of a contract to which the customer is a party or for the implementation of pre-contractual measures, which are carried out at the request of the customer. This also concerns in particular to the registration for the newsletter as well as the saving of product configurations. The legal basis for this processing is Art. 6 Para. 1 b) DSGVO. 

In the event that the customer uses the contact form or the live chat or contacts the controller in any other way, in particular by e-mail, telephone, fax or post, the personal data will be used exclusively to process the customer's enquiry. The legal basis for this processing is the customer's consent according to Art. 6 para. 1 a) DSGVO.

In the other cases in which personal data are processed, the processing is carried out in order to protect the legitimate interests of the controller, namely to analyse the use of the website with the help of using web analysis tools (see point 4.6.) or to identify, limit or eliminate malfunctions or errors on the website. The legal basis for this processing is Art. 6 para. 1 f) DSGVO. The controller refers to the customer's right to reject. The customer receives more detailed information under point 9 of this declaration.

4. Recipients
The personal data of the customer which are transmitted to the controller will be made available to the following recipients: 

4.1. Fulfilment of the contract or implementation of pre-contractual measures:

In order to fulfil the contract or the implementation of pre-contractual measures, the personal data of the customer, which are transmitted to the controller, are made accessible to the following recipients:

- CRM software provider (See point 4.7.)
- Databases + data hosting provider
- Email service provider
- IT service provider
- Web analytics software provider
- Web hosting provider
- Banks
- Tax authorities
- Manufacturers + producers
- Logistics service provider
- Management service provider
- Assembly + installation service providers
- Payment service provider
- Tax consultant 
- Telephone provider

Personal data will not be made available to third parties without the written consent of the customer unless this is required by law.

4.2. Sending an order and payment via credit card:

All credit card payments are processed by Concardis. Concardis is subject to the specifications of the "Payment Card Industry (PCI) Data Security Standards" and has been certified by Security Research & Consulting GmbH. Security Research & Consulting GmbH is accredited by the Federal Office for Information Security (BSI) as a test centre for evaluation of security components according to the internationally recognized Common Criteria (ISO 15408) (registration number BSI-APS-9026).

Processing location: Germany

Privacy policy: https://www.concardis.com/datenschutzerklaerung

4.3. Sending an order and payment on account: 

If the payment method "invoice" is used, the creditworthiness of the customer is determined with the help of Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, before the order is confirmed and executed. Creditreform Boniversum GmbH is a consumer credit agency. It operates a database in which creditworthiness information about private individuals is stored. In the Creditreform Boniversum database, information is stored in particular on the name, address, date of birth, email address (if applicable), payment history and shareholding of individuals. The purpose of processing the stored data is to provide information on the creditworthiness of the person inquired about. The legal basis for the processing is Art. 6 para. 1 f) EU-DSGVO. you can find further information at https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/

4.4. Sending an order and payment via Amazon Payments

When paying via Amazon Payments, all personal data disclosed to or collected by Amazon Payments is controlled primarily by Amazon Payments s.c.a. (the "Controller") and also by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three are located at 5, Rue Plaetis L 2338, Luxembourg. By using Amazon Payments, you acknowledge Amazon Payments' privacy policy. For more information, please visit https://pay.amazon.co.uk/.

4.5. Sending an order and payment via PayPal

If you pay via PayPal, you will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") for payment processing. For this purpose, we transfer the price and the order number of your order to PayPal. For further information on data protection, including information on the credit agencies used, please refer to the Paypal data protection statement: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

4.6. Use of the contact form, the live chat or in the context of any other contact:

In the event of the use of the contact form, the personal data of the customer which is transmitted to the controller will be made accessible to the following recipients:

- CRM software provider (See point 4.7.)
- Web hosting provider

In the case of the live chat, the customer's personal data transmitted to the controller will be made available to the following recipients: 

- CRM software provider (See point 4.7.)

In the case of contact by telephone, the personal data of the customer transmitted to the collector will be made available to the following recipients: 

- Telecommunications provider 

In the case of contact by email, the personal data of the customer, which are transmitted to the collector are made accessible to the following recipients:

- CRM software provider (See point 4.7.)
- Email service provider

In the event of contact being made by appointment, the customer's personal data transmitted to the collector will be made available to the following recipients:

- Email service provider 
- Calendar and appointment settings tools (See point 4.8.)

In the case of contact by post, the personal data of the customer transmitted to the controller will be made available to the following recipients: 

- CRM software provider (See point 4.7.)

Without the written consent of the customer, the personal data will not be made available to other third parties, unless this is required by law. 

4.7. Content delivery and firewall tools: 

Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA.

The website is used via the service of Cloudflare. The provider's software enables the collector to secure their website against hacking and spamming attacks. For this purpose, both the CDN (Content Delivery Network) and the WAF (Web Application Firewall) of Cloudfare are used. These tools check every access to the website based on various criteria such as the IP address or the location of the user. Cloudflare's privacy policy can be found at https://www.cloudfare.com/de-de/privacypolicy/. Further information on dealing with the DSGVO can be found at https://www.cloudflare.com/de-de/gdpr/introduction/.

4.8. Website analysis tools: 

For the purpose of analysing the use of the website, the personal data of the customer transmitted to the controller will be made available to the following recipients. The customer can prevent the collection by the aforementioned analysis services by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of the customer's data when visiting the website: Disable Analytics Services (DisableAllTracking)

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, such as 

- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,

are usually transferred to a Google server and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. We have also added the code "anonymizeIP" to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server and shortened there. 

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You will find information on how to integrate the opt-out cookie at https://developers.google.com/analytics/devguides/collection/gajs/?hl=en#disable].

We continue to use Google Analytics to analyze data from double-click cookies and also AdWords for statistical purposes. If you do not wish this to happen, you can deactivate it via the ad preferences manager (http://www.google.com/settings/ads/onweb/?hl=en).

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en). 

Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA.
This website uses web analysis functions of Facebook (Pixel) to measure and optimize the targeting of campaigns via the Facebook platforms (Facebook and Instagram). By integrating this tool, Facebook receives the IP address and has the possibility to set cookies at the customer. If you have a Facebook account and are logged in there, Facebook can assign the visit to our website to your Facebook profile. For more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at www.facebook.com/privacy/explanation. 

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA.
This website uses web analytics from Microsoft (Bing Ads) to measure and optimize the delivery of advertisements via search engines such as Bing and Yahoo. By integrating this tool, Microsoft receives the IP address and has the possibility to set cookies at the customer. Microsoft ensures that this information remains anonymous and cannot be used to identify individuals. For more information, please visit https://advertise.bingads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy and https://privacy.microsoft.com/de-de/privacystatement 

Clickcease, Karniboo Technologies Limited dba Clickcease, 26th Eliphelet Street, Tel Aviv, Israel.
This website uses web analytics from Clickcease (Karniboo Technologies) to measure and optimize the delivery of advertisements via search engines such as Google, Bing and Yahoo. By integrating this tool, Clickcease receives the IP address and has the possibility to set cookies at the customer. You can find more information at https://www.clickcease.com/privacy.html

Criteo SA, 32 Rue Blanche, 75009 Paris.
This website uses web analytics from Criteo to measure and optimize the delivery of adverts and banners on other websites. By integrating this pixel, Criteo receives the IP address and has the possibility to see cookies at the customer. Further information can be found at www.criteo.com/de/privacy/.  

Personal data will not be made available to third parties without the written consent of the customer unless this is required by law. 

4.9. CRM software provider: 

Cleverrach GmbH & Co KG, Müjlenstraße 43, 26180 Rastede, Germany. 
When saving products & configurations, sending the contact form or ordering products, wood samples or magazines, customer data is transferred to Cleverreach and stored there. Cleverreach receives the email address and any other data of the customer. You can find Cleverreach's privacy policy at https://www.cleverreach.com/de/datenschutz/.

Zendesk Inc. 1019 Market Street, San Francisco, CA 94103, USA.
When sending the contact form as well as emails to email addresses of the collector, these are processed and stored in Zendesk. Zendesk receives the email address ad the sender name of the customer. Zendesk fulfils all requirements for the final deletion of customer data. Zendesk's privacy policy can be found at https://www.zendesk.de/company/customers-partners/privacy-policy/. 

Personal data will not be disclosed to third parties without the written consent of the customer unless this is required by law.

4.10. Calendar and appointment setting tools: 

Calendly LLC, 1315 Peachtree St NE, Atlanta GA, 30309, USA. 
On our website, we offer you the possibility to schedule telephone appointments as well as personal appointments in our showroom. We use the appointment scheduling tool Calendly for this purpose. You can find Calendly's privacy policy at https://calendly.com/pages/privacy.

Personal data will not be disclosed to third parties without the written consent of the customer unless this is required by law. 

4.11. Youtube videos: 

The video platform Youtube is used to integrate external videos. Youtube belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The extended data protection mode is used, whereby customer data is only stored when a video is played. Further information on data protection can be found at https://google.de/intl/de/policies/privacy.

Personal data will not be disclosed to third parties without the written consent of the customer unless required by law.

4.12. Google Fonts 

For the integration of external fonts by Google Fonts, the personal data of the customer is made available to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This website uses Google Fonts to integrate external fonts. Google provides the fonts. When the customer calls up this website, the required fonts are loaded into the customer's browser chase in order to display the texts and fonts correctly on the page. For this purpose, the information customary when calling up a website, in particular, the customer's IP address and the referrer URL, is transferred to a server of Google Ireland Limited. The customer can obtain further information at https://developers.google.com/fonts/faq and in Google's privacy policy https://policies.googe.com/privacy?hl=de.

Personal data will not be made available to third parties without the written consent of the customer, unless this is required by law. 

5. Cookies On different pages
On various pages, the collector uses cookies to make visiting its web pages attractive and to enable the use of certain functions. Cookies are small text files that are stored on the visitor's computer. Most of the cookies used by the collector are deleted from the visitor's hard drive at the end of the browser session (so-called session cookies). Other cookies remain on the visitor's computer and enable the collector to recognize the visitor's computer during the next visit (so-called permanent cookies). Of course, the customer can reject the cookies at any time, provided that the browser used allows this. 

6. Third country transfer
In the context of the use of the web analysis tools Facebook (Pixel) and Microsoft (Bing Ads) as well as Calendly, Cloudflare and Zendesk, a transfer to the USA will take place. The addresses of the providers can be found under points 4.5. to 4.8.

An adequacy decision of the European Commission is missing. However, all providers are members of the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at the URL: https://www.privacyshield.gov

7. Storage period
With the complete settlement of the contract, which also includes the full payment of the agreed remuneration, the customer's data, which must be stored for legal reasons, will be blocked. This data is no longer available for further use. After the legal reason has ceased to exist, this blocked data will be deleted.

In the event that the customer uses the contact form or the live chat or otherwise contacts the collector, the personal data will be used for the duration of the processing of the request. Subsequently, the data which must be kept for legal reasons will be blocked. These data are no longer available for further use.

The collector is subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are between two and ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) are generally three years, but in certain cases can be up to thirty years. In all other cases, personal data will be deleted unless the customer has expressly consented to the further processing and use of their data.

Personal data stored for the purpose of identifying, limiting or eliminating faults or errors on the website will be deleted after seven days at the latest.

The personal data collected by means of Google Analytics are stored for a period of 50 months after the last session of the visitor.

8. Data protection rights
Every customer has the right to information under Article 15 of the DSGVO, the right to rectification under Article 16 of the DSGVO, the right to erasure under Article 17 DSGVO, the right to restriction of processing under Article 18 of the DSGVO, the right to object under Article 21 of the DSGVO and the right to data transfer portability under Article 20 of the DSGVO. With regard to the right to information and the right to erasure, the restrictions pursuant to § 34 and 35 BDSG apply. In addition,  to the right to information and the right to cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with § 19 BDSG). 

The customer can find the legal texts here https://dsgvo-gesetz.de/

Corresponding requests are to be directed to the address mentioned under point 1 or to [email protected]

9. Right of objection and other rights
If the customer has given his consent to the processing of personal data relating to them for one or more specific purposes, the customer shall be entitled to revoke the consent with effect for the future.

In particular, the customer has the right to object to the processing of personal data for the analysis of the website or in order to detect, limit or eliminate faults or errors on the website at any time free of charge with effect for the future. For this purpose, it is sufficient to send an email to [email protected] or to the address given in point 1.

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or at the place of the alleged infringement, if the data subject considers that the processing of the related personal data infringes this Regulation. 

A competent authority is, for example, the Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Germany. However, the customer can also choose another one. 

10. Obligation to provide data
The provision of the following data is mandatory (mandatory information):
10.1. Fulfilment of the contract:

The provision of the following data is mandatory for the conclusion of a contract (mandatory data):

- Salutation
- First name and surname
- Company name (if available)
- Address (street, house number, postcode, city, country)
- Telephone number
- Email address

For the use of the newsletter as well as for the saving of product configurations, the following data is mandatory:

- E-mail address

All other details are not required for the conclusion of the contract and are therefore voluntary.

If the mandatory information required for the conclusion of the contract is not provided, the contract will not be concluded. Failure to provide the voluntary information has no influence on the conclusion of the contract. 

10.2. Use of the contact form, the live chat or the processing of any other enquiry:

For the processing of a general enquiry within the framework of the contact form, I is mandatory to provide the following data:

- First name
- Surname
- Email address
- Your message

For the processing of an enquiry in the context of the live chat, is it mandatory to provide the following data (mandatory data):

- Message

If the live chat is not manned by a member of staff, the same data will be requested as in the contact form.

In order to process a telephone enquiry, the following data must be provided (mandatory data):

- Your name
- Telephone number

In order to process an enquiry by fax, the following data must be provided (mandatory data):

- Name
- Fax number

To process an enquiry by email, the following data must be provided (mandatory data):

- Name
- Email address

In order to process a postal enquiry, the following data must be provided (mandatory data):

- Name 
- Postal address

All other information is not required for the processing of an enquiry and is therefore voluntary.

If the mandatory details required for the processing of an enquiry are not provided, the contact request will not be processed. Failure to provide voluntary information will not affect the processing of the enquiry.

10.3. Website analysis:

The provision of the following data is mandatory in order to identify, limit or eliminate faults or errors on the website (mandatory data):

- IP address

All other information is not required to identify, limit or eliminate faults or errors on the website and is therefore voluntary.

If the mandatory information required to identify, limit or eliminate faults or errors on the website is not provided, this website cannot be used. 

The deactivation of data transmission within the framework of Google Analytics has no effect on the use of this website. 

11. Automated decision-making
Automated decision-making including profiling does not take place.

 


SERVICE