privacy policy

1. general information about the processing of personal data

(1) The protection of your personal data is of particular importance to us. In the following, we would therefore like to inform you in detail about which personal data is processed when you use our websites and offers.

(2) The responsible party pursuant to Art. 4 No. 7 of the General Data Protection Regulation (“GDPR”) is.

German Timber Trade Association (Gesamtverband Deutscher Holzhandel e.V.)
Am Weidendamm 1a
10117 Berlin
Telephone: +49 30 7262 58-90
Fax: +49 30 7262 58-88

Further information can be found in our imprint.

(3) You can contact our data protection officer at or by post at our address with the addition of “the data protection officer”.

(4) We process personal data only in compliance with the relevant data protection regulations. This means that the data will only be processed if a legal permission exists. I.e., in particular if the data processing is necessary for the provision of our contractual services as well as online services, or is required by law, consent is given, as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR).

(5) The legal basis for the consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for the fulfillment of our services and implementation of contractual measures is Art. 6 para. 1 lit. b GDPR, the legal basis for the processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for the processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f GDPR.

2. data processing when visiting our websites

(1) During the purely informational use of our websites, i.e. if you do not make a request, log in or otherwise transmit personal information to us, we process the data that your browser transmits to our server and that are technically necessary to display our websites to you and to ensure stability and security:

  • IP address,
  • Date and time of the request,
  • duration of the website visit,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • access status/HTTP status code,
  • amount of data transferred in each case,
  • Website from which the request came,
  • Web pages you visit on our site,
  • Internet service provider,
  • browser type,
  • server log files,
  • Operating system and its interface,
  • Language and version of the browser software.

(2) The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, namely our legitimate interest in the presentation of the websites accessed.

(3) Provision of the online offer and web hosting
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.
The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer, which is generated as part of the use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files may be used, on the one hand, for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.
Types of data processed: Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
Services used and service providers:
1&1 IONOS SE: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany;
Privacy policy:

3. data processing through the use of cookies and plugins.

(1) In addition to the previously mentioned data, cookies are stored on your terminal device when you use our websites. Cookies are small text files that are stored on your hard drive and assigned to your browser and provide us with information. They serve to make our website more user-friendly and effective. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, namely our legitimate interest in improving the user-friendliness of our web offer and for evaluating our online marketing activities.

(2) You can configure your browser settings according to your preferences and thus, for example, refuse to accept cookies. We would like to point out that in this case you may not be able to use all the functions of our websites.

3.1 Google Analytics

(1) We use Google Analytics, a web analytics service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies. The information generated by the cookie about your use of our websites is usually transmitted to a Google server in the USA and stored there.

(2) In the event that IP anonymization is activated, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active in our web service. On our behalf, Google will use this information for the purpose of evaluating the use of our websites, compiling reports on website activity and providing us with other services relating to website activity and internet usage.

(3) The IP address transmitted by your browser as part of Google Analytics will – according to Google – not be merged with other Google data. In addition, we refer to the privacy policy of Google. You can prevent the collection of the data generated by the cookie and related to your use (including your IP address) to Google and the processing of this data by Google by downloading and installing a browser plugin or deny your consent to the use of Google Analytics.

Plugins and embedded functions and content
We incorporate into our online offering functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).
The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the presentation of these contents or functions. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online services as well as be linked to such information from other sources.
Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this Privacy Policy.
Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online services and user-friendliness, provision of contractual services and customer service.
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR), consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR).
Services used and service providers:
Google Fonts:
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place. Further information on Google Web Fonts can be found at and in Google’s privacy policy:
Polylang: For the multilingualism of our website we use the program Polylang. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. We write posts, pages and create categories and publish tags as usual and then define the language for each of them. Cookies from Polylang are set exclusively to recognize and record the language used or chosen by the user. These cookies are stored for one year, after which they are deleted. For more information on privacy compliance, click here:

4. data processing when contacting us

When you contact us by e-mail, telephone or via a contact form, the data you provide (e.g. e-mail address, name, telephone number or even the content of the inquiry) will be processed by us in order to answer your questions and/or process your request. The legal basis is Art. 6 para. 1 lit. a) and b) GDPR.

5. data processing for members

(1) If you are a member with us, we process your contact and payment data as well as communication, contract and membership data for the fulfillment and billing of the contractual services, which you can find in our membership conditions. For the aforementioned purpose, your data may be passed on to service providers supporting us (service providers, operators of communication applications, etc.), which we have of course carefully selected and which are bound by our instructions.

(2) The legal basis is the existing membership (Art. 6 para. 1 p. 1 lit. b GDPR).

6. newsletter

(1) We send e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with your consent or legal permission. The newsletters contain information about our products, offers, promotions and our association. By subscribing to our newsletter, you agree to receive it.

(2) The use of a dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration process are based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets your expectations.

(3) You can revoke your consent to receive our newsletter at any time.

7. your rights

(1) You have the following rights with respect to us regarding your personal data:

  • Right to information (Art. 15 GDPR),
  • Right to rectification and erasure (Art. 16 and 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing (Art. 21 GDPR),
  • Right to data portability (Art. 20 GDPR).

(2) You also have the right to complain to the data protection supervisory authority about the processing of your data by us.

(3) We would like to point out that you can revoke any data protection consent you may have given us at any time with effect for the future. The same applies to consent for advertising. The best way to do this is to send an informal e-mail to: The respective revocation can lead to the fact that our offers can no longer be made available to you or only to a limited extent.

(4) Insofar as we base the processing of your personal data on a balance of interests (Art. 6 para. 1 p. 1 lit. f GDPR), you may object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

8. disclosure of data to third parties

(1) We will only disclose your data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) GDPR for contractual purposes or if it can be justified on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR can be justified.

(2) If we use subcontractors to provide our services, we take appropriate legal as well as technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

(3) Insofar as third-party providers are specified in the context of this data protection declaration and their named registered office is located in a third country, it is to be assumed that a data transfer takes place to the countries in which the third-party providers are based. We only process your data in a third country if it is necessary for the fulfillment of our (pre)contractual obligations (Art. 6 para. 1 lit. b GDPR), on the basis of your consent (Art. 6 para. 1 lit. a GDPR), due to a legal obligation (Art. 6 para. 1 lit. c GDPR) or on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The same applies to the processing by third parties on our behalf, the disclosure of your personal data to third parties as well as their transmission to third parties.

9. data deletion

(1) The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

(2) In accordance with legal requirements, data is retained for six years pursuant to Section 257 (1) HGB (commercial books, inventories, commercial letters, accounting vouchers, etc.) and for ten years pursuant to Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

10. final provisions

(1) We use technical and organizational security measures to protect your data, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.

(2) We will update the data protection declaration from time to time due to the technical progress of our offers. Insofar as the change to the data protection statement does not affect the use of existing data, the new data protection statement will apply from the date it is updated on our website. A change to the data protection declaration that relates to the use of data already collected will only be made if it is reasonable for you. In such a case, we will notify you in a timely manner by e-mail, on our websites, in our application or in another form. You have the right to object to the validity of the new data protection declaration within four weeks of receipt of the notification. If no objection is made within the aforementioned period, you will be deemed to have accepted the amended data protection statement. We will inform you of your right to object and the significance of the objection period in the notification.

Status: January 2023