Duty to provide information when collecting personal data from the data subject
1. Responsible party and contact details
The responsible party is Pickawood GmbH (hereinafter referred to as the controller) and processes the data provided by the data subject (hereinafter referred to as the customer) in accordance with the provisions of the European Data Protection Regulation (hereinafter referred to as the GDPR).
The contact details of the controller are as follows:
Address: Amsinckstraße 34, 20097 Hamburg, Germany
Phone: +49 (0)40 524 77770
Phone number Switzerland (CH) (AT): 04350 80965
Phone number Austria (AT): 07208 81537
Phone number France (FR): +49 (0)40 524 77770
Phone number Great Britain (UK): +49 (0)330 808 4870
Fax: +49 (0)40 228 17034-9
Email: [email protected]
2. Data protection commissioner
The data protection officer of the data controller is Dr. Martin Bahr.
The contact details of the data protection officer are:
Address: Dr. Bahr Consulting GmbH, Mittelweg 41a, 20148 Hamburg, Germany
Phone: +49 (0)40 555 98300
E-mail: [email protected]
3. Purpose and legal basis
The processing of the customer's personal data is necessary for the fulfilment of a contract to which the customer is a party or for the implementation of pre-contractual measures, which are carried out at the request of the customer. This also concerns in particular to the registration for the newsletter as well as the saving of product configurations. The legal basis for this processing is Art. 6 Para. 1 b) DSGVO.
In the event that the customer uses the contact form or the live chat or contacts the controller in any other way, in particular by e-mail, telephone, fax or post, the personal data will be used exclusively to process the customer's enquiry. The legal basis for this processing is the customer's consent according to Art. 6 para. 1 a) DSGVO.
In the other cases in which personal data are processed, the processing is carried out in order to protect the legitimate interests of the controller, namely to analyse the use of the website with the help of using web analysis tools (see point 4.9.) or to identify, limit or eliminate malfunctions or errors on the website. The legal basis for this processing is Art. 6 para. 1 f) DSGVO. The controller refers to the customer's right to reject. The customer receives more detailed information under point 9 of this declaration.
4. Recipients
The personal data of the customer which are transmitted to the controller will be made available to the following recipients:
4.1. Fulfilment of the contract or implementation of pre-contractual measures:
In order to fulfil the contract or the implementation of pre-contractual measures, the personal data of the customer, which are transmitted to the controller, are made accessible to the following recipients:
- CRM software provider (See point 4.10.)
- Databases + data hosting provider
- Email service provider
- IT service provider
- Web analytics software provider
- Web hosting provider
- Banks
- Tax authorities
- Manufacturers + producers
- Logistics service provider
- Management service provider
- Assembly + installation service providers
- Payment service provider
- Tax consultant
- Telephone provider
Personal data will not be made available to third parties without the written consent of the customer unless this is required by law.
4.2. Sending an order and payment via credit card:
All credit card payments are processed by Concardis. Concardis is subject to the specifications of the "Payment Card Industry (PCI) Data Security Standards" and has been certified by Security Research & Consulting GmbH. Security Research & Consulting GmbH is accredited by the Federal Office for Information Security (BSI) as a test centre for evaluation of security components according to the internationally recognized Common Criteria (ISO 15408) (registration number BSI-APS-9026). Processing location: Germany, Privacy policy: https://www.concardis.com/datenschutzerklaerung
4.3. Sending an order and payment via Amazon Payments:
When paying via Amazon Payments, all personal data disclosed to or collected by Amazon Payments is controlled primarily by Amazon Payments s.c.a. (the "Controller") and also by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three are located at 5, Rue Plaetis L 2338, Luxembourg. By using Amazon Payments, you acknowledge Amazon Payments' privacy policy. For more information, please visit https://pay.amazon.co.uk/.
4.4. Sending an order and payment via PayPal:
If you pay via PayPal, you will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") for payment processing. For this purpose, we transfer the price and the order number of your order to PayPal. For further information on data protection, including information on the credit agencies used, please refer to the Paypal data protection statement: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
4.5. Use of the contact form, the live chat or in the context of any other contact:
In the event of the use of the contact form, the personal data of the customer which is transmitted to the controller will be made accessible to the following recipients:
- CRM software provider (See point 4.10.)
- Web hosting provider
In the case of the live chat, the customer's personal data transmitted to the controller will be made available to the following recipients:
- CRM software provider (See point 4.10.)
In the case of contact by telephone, the personal data of the customer transmitted to the collector will be made available to the following recipients:
- Telecommunications provider
In the case of contact by email, the personal data of the customer, which are transmitted to the collector are made accessible to the following recipients:
- CRM software provider (See point 4.10.)
- Email service provider
In the event of contact being made by appointment, the customer's personal data transmitted to the collector will be made available to the following recipients:
- Email service provider
- Calendar and appointment settings tools (See point 4.11.)
In the case of contact by post, the personal data of the customer transmitted to the controller will be made available to the following recipients:
- CRM software provider (See point 4.10.)
Without the written consent of the customer, the personal data will not be made available to other third parties, unless this is required by law.
4.6. Content delivery and firewall tools:
Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA.
The website is used via the service of Cloudflare. The provider's software enables the collector to secure their website against hacking and spamming attacks. For this purpose, both the CDN (Content Delivery Network) and the WAF (Web Application Firewall) of Cloudfare are used. These tools check every access to the website based on various criteria such as the IP address or the location of the user. Cloudflare's privacy policy can be found at https://www.cloudfare.com/de-de/privacypolicy/. Further information on dealing with the DSGVO can be found at https://www.cloudflare.com/de-de/gdpr/introduction/.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Tag Manager is a tool from Google Ireland Limited (‘Google’) to display the services of partners individually on our website. We use this tool to ensure that individual services and data recipients are displayed in accordance with your consent. Therefore, this service cannot be deactivated. The service itself does not independently collect any data other than that which is technically necessary for the delivery of the service (including your IP address). This data is transferred to a Google server and stored there in some cases. You can find further information at https://business.safety.google/privacy/
4.7. Website analysis tools:
For the purpose of analysing the use of the website, the personal data of the customer transmitted to the controller will be made available to the following recipients. The customer can prevent the collection by the aforementioned analysis services by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of the customer's data when visiting the website: Disable Analytics Services (DisableAllTracking)
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Analytics or Google Analytics 4 (GA4) is an analytics tracking tool from Google Ireland Limited ("Google") used on our website. It collects data about visitors' activity on our website. This data is collected through various technologies such as cookies, device IDs, login credentials and so-called fingerprint technologies, which makes it possible to identify visitors across different devices and analyse them across platforms.
If you wish to delete your data or prevent data storage, you have the right to obtain information about your data and to update, restrict or delete it. You can prevent the use of your data by Google Analytics 4 by using the browser add-on to deactivate Google Analytics JavaScript, which can be downloaded and installed at https://tools.google.com/dlpage/gaoptout?hl=en. However, please note that the add-on only disables the collection of data by Google Analytics. If you would like to deactivate, delete or manage cookies in general, you will find corresponding instructions in the cookie settings of your browser.
All information about how Google handles your data can be found at https://business.safety.google/privacy/
Personal data will not be made available to third parties without the written consent of the customer unless this is required by law.
4.8. CRM software provider:
Cleverrach GmbH & Co KG, Müjlenstraße 43, 26180 Rastede, Germany.
When saving products & configurations, sending the contact form or ordering products, wood samples or magazines, customer data is transferred to Cleverreach and stored there. Cleverreach receives the email address and any other data of the customer. You can find Cleverreach's privacy policy at https://www.cleverreach.com/de/datenschutz/.
Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany.
When saving products & configurations, submitting the contact form and ordering products, wood samples or magazines, we use Mailjet to send emails. The service provider is the German company Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany. You can find out more about the data processed through the use of Mailjet in the Privacy Policy at https://www.mailjet.com/legal/privacy-policy/.
Zendesk Inc. 1019 Market Street, San Francisco, CA 94103, USA.
When sending the contact form as well as emails to email addresses of the collector, these are processed and stored in Zendesk. Zendesk receives the email address ad the sender name of the customer. Zendesk fulfils all requirements for the final deletion of customer data. Zendesk's privacy policy can be found at https://www.zendesk.de/company/customers-partners/privacy-policy/.
Personal data will not be disclosed to third parties without the written consent of the customer unless this is required by law.
4.9. Calendar and appointment setting tools:
Calendly LLC, 1315 Peachtree St NE, Atlanta GA, 30309, USA.
On our website, we offer you the possibility to schedule telephone appointments as well as personal appointments in our showroom. We use the appointment scheduling tool Calendly for this purpose. You can find Calendly's privacy policy at https://calendly.com/pages/privacy.
Personal data will not be disclosed to third parties without the written consent of the customer unless this is required by law.
4.10. Youtube videos:
The video platform Youtube is used to integrate external videos. Youtube belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The extended data protection mode is used, whereby customer data is only stored when a video is played. Further information on data protection can be found at https://google.de/intl/de/policies/privacy.
Personal data will not be disclosed to third parties without the written consent of the customer unless required by law.
4.11. Google Fonts
For the integration of external fonts by Google Fonts, the personal data of the customer is made available to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This website uses Google Fonts to integrate external fonts. Google provides the fonts. When the customer calls up this website, the required fonts are loaded into the customer's browser chase in order to display the texts and fonts correctly on the page. For this purpose, the information customary when calling up a website, in particular, the customer's IP address and the referrer URL, is transferred to a server of Google Ireland Limited. The customer can obtain further information at https://developers.google.com/fonts/faq and in Google's privacy policy https://policies.googe.com/privacy?hl=de.
Personal data will not be made available to third parties without the written consent of the customer, unless this is required by law.
4.13. Mailtimer.io as email integration
The Mailtimer.io service is used to integrate a dynamic countdown in emails. Information on data protection can be found at https://mailtimer.io/gdpr
4.14. Marketing partner
Google Ads - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
We use cookies from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’) to measure and optimise advertisements within Google products (search engine, shopping, YouTube, etc.). Google may use this data to personalise advertising. Cookies and mobile ad identifiers can be used for both personalised and non-personalised ads. Further information can be found at https://business.safety.google/privacy/
Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
This website uses web analysis functions from Facebook (pixels) to measure and optimise the targeting of campaigns via the Facebook platforms (Facebook and Instagram). By integrating this tool, Facebook receives the IP address and has the option of setting cookies for the customer. If you have a Facebook account and are logged into it, Facebook can assign your visit to our website to your Facebook profile. Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's privacy policy at www.facebook.com/privacy/explanation.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA
This website uses web analysis functions from Microsoft (Bing Ads) to measure and optimise the display of advertisements via search engines such as Bing and Yahoo. By integrating this tool, Microsoft receives the IP address and has the option of setting cookies for the customer. Microsoft ensures that this information remains anonymous and cannot be used to identify individuals. Further information can be found at https://advertise.bingads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy and https://privacy.microsoft.com/de-de/privacystatement
Clickcease, Karniboo Technologies Limited dba ClickCease, 26th Eliphelet Street, Tel Aviv, Israel
This website uses web analysis functions from Clickcease (Karniboo Technologies) to measure and optimise the display of advertisements via search engines such as Google, Bing and Yahoo. By integrating this tool, Clickcease receives the IP address and has the option of setting cookies for the customer. Further information can be found at https://www.clickcease.com/privacy.html
Criteo SA, 32 Rue Blanche, 75009 Paris
This website uses web analysis functions from Criteo to measure and optimise the display of advertisements and banner ads on other websites. By integrating this pixel, Criteo receives the IP address and has the option of setting cookies for the customer. Further information can be found at www.criteo.com/de/privacy/
Without the written consent of the customer, the personal data will not be made accessible to other third parties, unless this is required by law.
5. Cookies On different pages
On various pages, the collector uses cookies to make visiting its web pages attractive and to enable the use of certain functions. Cookies are small text files that are stored on the visitor's computer. Most of the cookies used by the collector are deleted from the visitor's hard drive at the end of the browser session (so-called session cookies). Other cookies remain on the visitor's computer and enable the collector to recognize the visitor's computer during the next visit (so-called permanent cookies). Of course, the customer can reject the cookies at any time, provided that the browser used allows this.
6. Third country transfer
In the context of the use of the web analysis tools Facebook (Pixel) and Microsoft (Bing Ads) as well as Calendly, Cloudflare and Zendesk, a transfer to the USA will take place. The addresses of the providers can be found under points 4.6. to 4.9.
An adequacy decision of the European Commission is missing. However, all providers are members of the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at the URL: https://www.dataprivacyframework.gov
7. Storage period
With the complete settlement of the contract, which also includes the full payment of the agreed remuneration, the customer's data, which must be stored for legal reasons, will be blocked. This data is no longer available for further use. After the legal reason has ceased to exist, this blocked data will be deleted.
In the event that the customer uses the contact form or the live chat or otherwise contacts the collector, the personal data will be used for the duration of the processing of the request. Subsequently, the data which must be kept for legal reasons will be blocked. These data are no longer available for further use.
The collector is subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are between two and ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) are generally three years, but in certain cases can be up to thirty years. In all other cases, personal data will be deleted unless the customer has expressly consented to the further processing and use of their data.
Personal data stored for the purpose of identifying, limiting or eliminating faults or errors on the website will be deleted after seven days at the latest.
The personal data collected by means of Google Analytics are stored for a period of 50 months after the last session of the visitor.
8. Data protection rights
Every customer has the right to information under Article 15 of the DSGVO, the right to rectification under Article 16 of the DSGVO, the right to erasure under Article 17 DSGVO, the right to restriction of processing under Article 18 of the DSGVO, the right to object under Article 21 of the DSGVO and the right to data transfer portability under Article 20 of the DSGVO. With regard to the right to information and the right to erasure, the restrictions pursuant to § 34 and 35 BDSG apply. In addition, to the right to information and the right to cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with § 19 BDSG).
The customer can find the legal texts here https://dsgvo-gesetz.de/
Corresponding requests are to be directed to the address mentioned under point 1 or to [email protected]
9. Right of objection and other rights
If the customer has given his consent to the processing of personal data relating to them for one or more specific purposes, the customer shall be entitled to revoke the consent with effect for the future.
In particular, the customer has the right to object to the processing of personal data for the analysis of the website or in order to detect, limit or eliminate faults or errors on the website at any time free of charge with effect for the future. For this purpose, it is sufficient to send an email to [email protected] or to the address given in point 1.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or at the place of the alleged infringement, if the data subject considers that the processing of the related personal data infringes this Regulation.
A competent authority is, for example, the Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Germany. However, the customer can also choose another one.
10. Obligation to provide data
The provision of the following data is mandatory (mandatory information):
10.1. Fulfilment of the contract:
The provision of the following data is mandatory for the conclusion of a contract (mandatory data):
- Salutation
- First name and surname
- Company name (if available)
- Address (street, house number, postcode, city, country)
- Telephone number
- Email address
For the use of the newsletter as well as for the saving of product configurations, the following data is mandatory:
- E-mail address
All other details are not required for the conclusion of the contract and are therefore voluntary.
If the mandatory information required for the conclusion of the contract is not provided, the contract will not be concluded. Failure to provide the voluntary information has no influence on the conclusion of the contract.
10.2. Use of the contact form, the live chat or the processing of any other enquiry:
For the processing of a general enquiry within the framework of the contact form, I is mandatory to provide the following data:
- First name
- Surname
- Email address
- Your message
For the processing of an enquiry in the context of the live chat, is it mandatory to provide the following data (mandatory data):
- Message
If the live chat is not manned by a member of staff, the same data will be requested as in the contact form.
In order to process a telephone enquiry, the following data must be provided (mandatory data):
- Your name
- Telephone number
In order to process an enquiry by fax, the following data must be provided (mandatory data):
- Name
- Fax number
To process an enquiry by email, the following data must be provided (mandatory data):
- Name
- Email address
In order to process a postal enquiry, the following data must be provided (mandatory data):
- Name
- Postal address
All other information is not required for the processing of an enquiry and is therefore voluntary.
If the mandatory details required for the processing of an enquiry are not provided, the contact request will not be processed. Failure to provide voluntary information will not affect the processing of the enquiry.
10.3. Website analysis:
The provision of the following data is mandatory in order to identify, limit or eliminate faults or errors on the website (mandatory data):
- IP address
All other information is not required to identify, limit or eliminate faults or errors on the website and is therefore voluntary.
If the mandatory information required to identify, limit or eliminate faults or errors on the website is not provided, this website cannot be used.
The deactivation of data transmission within the framework of Google Analytics has no effect on the use of this website.
11. Automated decision-making
Automated decision-making including profiling does not take place.
You can manage your cookie preferences here:
Confirm cookies individually
