KF - HOLZ IS THE RIGHT ADDRESS WHEN IT COMES TO WOOD!

WE BRING A PIECE OF FOREST INTO YOUR LIVING ROOM!

Privacy policy

Privacy and data protection

KF - HOLZ Kaltenegger GmbH

 

Status: 01.10.2022

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing on our website.

1. Contact with us

If you contact us using the form on the website or by e-mail, the data you provide will be stored by us for six months for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

2. Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).

We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). These technologies collect and process the IP address, time of visit, device and browser information as well as information about your use of our website (e.g. information about the contents of the shopping cart). In the context of a balancing of interests, this serves overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

2.1 Technical and functional cookies

We only use the following technical or functional cookies for basic functions and to ensure the proper functioning of the website. These cookies are automatically deleted when you close the website and are not stored on your computer!

In addition, we use technologies to fulfill the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

If you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.

2.2 Use of cookies and other technologies for web analysis and advertising purposes

Insofar as you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use the following cookies and other third-party technologies on our website. The data collected in this context will be deleted after the purpose has ceased to apply and we have stopped using the respective technology. You can withdraw your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". Further information, including the basis of our cooperation with the individual providers, can be found under the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

Use of Google services

We use the following technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision by the European Commission for the USA. Our cooperation is based on standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened by activating IP anonymization before it is stored on Google's servers. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address will not be merged with other Google data. Data processing is carried out on the basis of an agreement on order processing by Google.

Use of Facebook pixels

We use the Facebook pixel from Facebook on our website. We have implemented a code on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have come to our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Facebook then deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used in the context of ad placements. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. This means that Facebook users (provided they have allowed personalized advertising) see suitable advertising. Facebook also uses the data collected for analysis purposes and its own advertisements.

Below we show you the cookies that were set by integrating Facebook pixels on a test page. Please note that these are only sample cookies. Different cookies are set depending on the interaction on our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6231579493877-7
Intended use: Facebook uses this cookie to display advertising products.
Expiration date: after 3 months

Note: The cookies mentioned above refer to individual user behavior. Changes can never be ruled out with Facebook, especially when using cookies.

If you are logged in to Facebook, you can change your settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen yourself. If you are not a Facebook user, you can manage your usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/&nbsp. There you have the option of deactivating or activating providers.

If you want to find out more about Facebook's data protection, we recommend that you read the company's own data policy at https://www.facebook.com/policy.php.

Reference to data transfers to the USA

Through the services of Google and Facebook, your data is (at least in some cases) also transmitted to the USA as a third country. Authorities or secret services in the USA can access your data without you having any legal recourse. The CJEU has therefore determined that there is no adequate level of data protection within the meaning of Art. 44 et seq. of the GDPR for data transfers from the EU to the USA. For this reason, the legal basis for the use of this service is your express consent in accordance with Art. 49 (1) lit. a GDPR.

Changing the cookie settings in your web browser

You can specify how the web browser you are using handles cookies, i.e. which cookies are accepted or rejected, in the settings of your web browser. You can also delete cookies already stored on your computer/device yourself at any time. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.

  • It is also possible to generally object to cookies and similar tracking technologies via the services listed below by setting your individual preferences - which technologies you wish to allow for usage and interest-based advertising:
  • European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
    Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1#!%2F


3. Hosting

We use an external web host to operate our website.

Hosting provider

We process personal connection data with the help of the following processors for the purpose of data and failure security for a maximum period of 7 days.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lif. f GDPR (technical security measures).

Service: Web- u. Mail Hosting
Operator: WDW WerbeDesign Wanger e.U.
Privacy policy: https://www.wdw.at/datenschutz/

Access data
In the context of hosting, we process the following personal user data in a server log file for a maximum period of 7 days for the purpose of monitoring the technical function and increasing the operational security of the web host on the legal basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (technical security measures):

  • Website visited
  • Time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used

The data collected is only used for statistical analysis and to improve the website. However, the website operator reserves the right to check the server log files retrospectively if there are concrete indications of unlawful use.

4. Map services

On this website, we use the services of map service providers in the form of an iFrame embedding. This allows us to display interactive maps directly on the website and enables convenient use of the map functions.

Google Maps

As joint controllers with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, we process connection data and browser data for the purpose of displaying an interactive map for the duration of the map display. In doing so, we enable Google Maps to place cookies on the user's PC and to calculate a user ID to uniquely identify the user as part of the advertising network operated by Google.

The legal basis for the processing is the consent given by you in accordance with § 96 para. 3 TKG ivm. in accordance with Art. 6 para. 1 lit. a GDPR.

Insofar as Google Maps carries out further independent processing of the data, in particular within the framework of the Google advertising network, Google Maps is solely responsible for this. Details can be found in the Google Maps privacy policy.

5. Audio and video services

On this website, we use video and audio services in the form of iFrame embedding. This allows us to show you multimedia content directly on the website.

Youtube

Our website uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to embed videos. Normally, when you access a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with the extended data protection mode (in this case, YouTube still contacts Google's Double Click service, but according to Google's privacy policy, personal data is not evaluated). This means that YouTube no longer stores any information about visitors unless they watch the video. If you click on the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube, this information will also be assigned to your user account (you can prevent this by logging out of YouTube before watching the video).

We have no knowledge of and no influence on the possible collection and use of your data by YouTube.

The legal basis for the processing is the consent given by you in accordance with § 96 para. 3 TKG ivm. in accordance with Art. 6 para. 1 lit. a GDPR.

If Youtube / Google carries out further independent processing of the data, in particular within the framework of the Youtube / Google advertising network, Youtube / Google is solely responsible for this.

Further information can be found in YouTube's privacy policy at www.google.de/intl/de/policies/privacy/

6. Facebook-Site

When you visit our Facebook page, personal data (documentation of user behavior) is processed by Facebook using cookies. This information is used to create anonymized, statistical data about page activity and is automatically provided to us (Insights). We are jointly responsible with Facebook for this data processing in accordance with Article 26 of the General Data Protection Regulation. We base this on our legitimate interests. Without the processing of this data, we would not be able to maintain and optimize our presence on Facebook. You can find more information on the Facebook information page.

No personal data is made available to us in the process. At the same time, the data is also stored and processed by Facebook itself so that Facebook can connect it to the respective Facebook user profile. Facebook may use this data for its own advertising purposes in accordance with the Facebook Data Usage Policy. Consent to this is the responsibility of Facebook and cannot be influenced by us. For more information on the collection and use of data by Facebook and your rights and options for protecting your privacy in this regard, please refer to Facebook's privacy policy.

7. Data storage

We offer you the opportunity to purchase products directly via our online store. In the context of the web store, the data entered by you as well as data on products selected by you are processed by the person responsible for the purpose of making the offer, concluding the contract, fulfilling the contract and fulfilling any post-contractual obligations prior to conclusion of the contract on the basis of the pre-contractual relationship initiated by you and after conclusion of the contract on the basis of the contract pursuant to Art. 6 para. 1 lit. b GDPR.

We therefore store the following data for the purpose of processing the contract Title (Mr., Mrs., company), company, VAT number, name, street, postal code, city, country, telephone, fax, e-mail. The data provided by you is required to fulfill the contract or to carry out pre-contractual measures. We cannot conclude the contract with you without this data. Data will not be transferred to third parties, with the exception of the transfer of credit card data to the processing bank/payment service provider for the purpose of debiting the purchase price, to the transport company/shipping company commissioned by us to deliver the goods and to our tax advisor to fulfill our tax obligations.

After the purchase process has been canceled, the data stored by us will be deleted. If a contract is concluded, all data from the contractual relationship will be stored until the expiry of the retention period under tax law (10 years).

8. Data processing when opening a customer account and for contract processing

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the controller's address below. We store and use the data provided by you to process the contract. After completion of the contract or deletion of your customer account, your data will be blocked with regard to retention periods under tax and commercial law and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to further use of your data as permitted by law, about which we will inform you accordingly below.

9. Data processing for order processing

9.1 Disclosure of personal data

In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will provide explicit information about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

9.2 Use of payment service providers (payment service providers)

We use the Nets payment gateway for online payments.

In principle, there is no direct contractual relationship between Nets Branch Sweden (hereinafter referred to as "Nets") and you as a cardholder or user of payment services.

Nets therefore recommends that you contact your direct contractual partner, i.e. the merchant where you have made a payment transaction, the card institution from which your payment card originates (usually your bank) or the company that has issued the invoice, with requests regarding the processing of your personal data as a cardholder or user of payment services.

However, Nets reserves the right to process your personal data in accordance with contracts with the merchant in the form of transaction data. The legal basis for our processing of personal data is that it is necessary for compliance with various legal obligations and requirements to which we are subject by law or contract. In addition, the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, which do not override the interests or fundamental rights and freedoms of the data subject. Our legitimate interests include our contractual obligation to process your payment transactions, handling complaints, feedback and queries, investigating, detecting and preventing unlawful activities and ensuring network and data security.

As an exception to the general rule, a direct contractual relationship exists between Nets and you as a cardholder or user of payment services when you use the service operated by Nets under the name "Save my Details".

https://cdn.dibspayment.com/terms/easy/Nutzungsbedingungen_Cookie-Hinweis.pdf

10. Newsletter

You have the option of subscribing to our newsletter via our website. To do this, we need your e-mail address and your declaration that you agree to receive the newsletter.

As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration.

You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following e-mail address: office@kf-holz.com or cancel your subscription to the next newsletter by clicking on the corresponding link in the footer area of the newsletter. We will then immediately delete your data in connection with the newsletter dispatch. 

This revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.

11. Extension for improved barrier-free access

Eye-Able® is a software developed by Web Inclusion GmbH to ensure barrier-reduced access to information on the Internet for all people. The necessary files such as JavaScript, stylesheets and images are loaded from an external server. When functions are activated, Eye-Able® uses the browser's local storage to save the settings. All settings are only saved locally and are not transmitted further. Eye-Able® uses the Content Delivery Network (CDN) of BunnyWay d.o.o. (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia) to fend off attacks and provide our service in near real time. This is used for the purpose of fulfilling the contract with our customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). All transmitted data and servers remain in the EU at all times in order to enable data protection-compliant processing in accordance with the GDPR. Web Inclusion GmbH does not collect or analyze personal user behavior or other personal data at any time. In order to ensure data protection-compliant processing, Web Inclusion GmbH has concluded order processing contracts with our host BunnyWay. Further information can be found in the privacy policy:

https://eye-able.com/de/datenschutz-eye-able/ 
https://bunny.net/privacy 

12. How to use the AI chatbot

This privacy policy informs you about the processing of personal data when using our AI chatbot ("chatbot"). The protection of your data is important to us. We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR) and the applicable data protection laws.

Purpose and legal basis of the processing

We process personal data in order to provide and improve the chatbot, to enable communication with users and to ensure system security.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest), insofar as it is necessary for technical operation, troubleshooting or misuse detection.

If an evaluation is carried out for analysis purposes or to improve the system, this is also done within the scope of our legitimate interest.


Types of data processed
The following data in particular may be processed when using the chatbot:

  • Texts and content entered (prompts)
  • Chat histories including responses
  • Timestamp of requests
  • IP address (shortened or pseudonymized if technically possible)
  • Browser type, operating system and device settings
  • Error logs (for system monitoring and security)

Recipients and service providers used
For the technical provision of the chatbot, we use specialized IT service providers who process personal data exclusively on our behalf and in accordance with Art. 28 GDPR.

The following service providers are involved:

  • OpenAI / Vector Wizards LLC (USA)
    Provision of AI technology and processing of text input to generate chatbot responses. Data transfers to the USA are based on EU standard contractual clauses in accordance with Art. 46 GDPR.
  • Voiceflow, Inc (Canada)
    Provision of the chatbot dialog logic and integration into the website.
    Canada has an adequacy decision from the EU Commission (Art. 45 GDPR). The data will not be passed on to third parties for other purposes, in particular for advertising purposes.

Transfer to third countries
If service providers or their subcontractors process data outside the EU/EEA, this is only done in compliance with the legal requirements of Art. 44 et seq. GDPR.

We ensure that suitable data protection guarantees (e.g. EU standard contractual clauses) are in place or that an adequacy decision has been issued by the EU Commission.

Storage duration

  • Chat histories, IP addresses and metadata are stored for up to 12 months in order to enable system analyses, improve service quality and detect misuse.
  • Data may be stored for longer if this is required by statutory retention obligations or legitimate interests.
  • Data that is no longer required is regularly deleted or anonymized.

Cookies and tracking
Session cookies may be used for the technical provision of the chatbot. These store an anonymous session ID and are automatically deleted as soon as you close the browser. Any further storage will only take place with your express consent.

Data security
Your data is transmitted in encrypted form (SSL/TLS).
Our systems are protected by firewalls and access restrictions to prevent unauthorized access.

13. Your rights

In principle, you have the following rights with regard to your data stored by us:

  • Information
  • Correction
  • Deletion
  • Restriction
  • Data portability
  • Revocation and objection

To do so, please contact us (office@kf-holz.com).

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the competent supervisory authority. In Austria, this is the data protection authority (dsb@dsb.gv.at).

14. You can reach us using the following contact details:

KF-Holz Kaltenegger GmbH | Gewerbepark Süd 2 | 5141 Moosdorf / Austria
T.: +43 676 5018610 | E.: office@kf-holz.com 


 

Our service
Back to top