Privacy Policy

This privacy policy gives an overview and then more detailed explanation on the nature, scope and purpose of the collection and use of personal information about you on this website.

Pamono Inc., c/o APRIO, LLP, 5 Concourse Pkwy, Suite 1000 Atlanta GA 30328, United States, (“Pamono”, “we / us / our”), as operator of the website (each henceforth called “Pamono website”) and of a home furnishings webshop (“offer”) is responsible for the personal information collected on the website. Pamono is represented by the managing director Gregg Brockway.

Contact us at if you have questions about privacy.

Overview of our Privacy Policy:

Data processing: purposes, necessity, legal basis, legitimate interests The data is used for the purposes of fraud prevention (§ 15 TMG or Art. 6 (1) b., c. or f., General Data Protection Regulation (GDPR) and for marketing and quality management purposes (§ 15 TMG or Art. 6 (1) a., b. or f. GDPR) in order to ensure continuous technical accuracy and improve the quality of the range of products offered and of the services. Moreover, with your explicit consent, your personal data will be used to send you our newsletter (Art. 6 (1) a. GDPR). We also use your data to process your enquiries, purchases and orders on the website and to fulfill other pre-contractual or contractual obligations (Art. 6 (1) b. GDPR). The legal basis of our privacy policy can be found in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of data and on the repeal of Directive 95/46/EC (GDPR), in the Bundesdatenschutzgesetz [Federal Data Protection Act] (BDSG), and the Telemediengesetz [Telemedia Law] (TMG). With regards to data processing pursuant to Art. 6 (1) f. GDPR, the provider or authorized third parties are pursuing the legitimate interests of marketing, quality management and fraud prevention.
Data recipient and data provision The data will be processed by us as provider or also by third parties for the purposes of hosting, quality management and marketing. Details can be found in the privacy policy below. You provide the data via the website if this is necessary for the aforementioned purposes. If you fail to provide the data, it can result in legal disadvantages for you, such as losing your legal positions, due to errors in the display of the website.
Transfer of data to countries outside of the EU Because Pamono works with third-party service providers, your data may be transferred to countries outside the EU when you use our website and services. These third-party service providers however guarantee compliance with EU data protection laws. For more details please refer to the privacy statement below.
Deletion of data The data will be deleted if it’s no longer needed for data-processing purposes.
How do I delete my user account? If you would like to delete your account, please submit your request to using your account email.
Right to object / Your rights You have the right to object to the use of your personal data – which has been collected and processed with your explicit consent – for direct marketing purposes at any time with effect to the future. You are entitled to demand information about your saved personal data at any time and to receive it in a structured, standard and machine-readable format, and to request that your stored data be corrected or deleted in case it is incorrect or the data storage itself is not permissible. Simply contact us about this using the contact options listed above.
Automated decision-making (“profiling”) No profiling or automated decision-making takes place on the website or when using our services; however, such profiling may take place in individual cases by third-party providers we work with, as stated – where possible – in our privacy policy.
Data security In order to afford optimal protection of your data, the website uses a secure SSL connection between our server and the browser, i.e. the data is transmitted in encrypted form. We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.

Table of contents:
1. What is personal data? How does Pamono use the data of visitors to its website(s)? What are the legal bases for the processing of this data? Does Pamono use profiling?
2. Is the data shared with third parties? Is the data processed in other EU countries?
3. Which third-party services and offers and what kind of cookies does Pamono use?
4. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of appeal
5. Duration of the storage of personal data; deletion periods
6. Data security, scope of application
7. Responsible party and contact person in matters of data protection

1. What is personal data? How does Pamono use the data of visitors to its website(s)? What are the legal bases for the processing of this data? Does Pamono use profiling?

1.1 Personal data and consent

Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

Personal data is information such as name, email address or telephone number, but also information about hobbies, memberships or which other websites were visited by the data subject.

We only collect, use and share personal data in accordance with what is legally permissible, and with the user’s consent.

Consent is any voluntarily given, unambiguous statement of agreement in a specific case, given in an informed manner in the form of a statement, or other clearly affirming consenting action, with which the data subject indicates that they agree to the processing of their personal data.

1.2 Visiting the Pamono website

We (or the webspace provider) collect data on each of your visit to the Pamono website (this data is referred to as “server log files”) (“access data”). This access data includes: name of the website accessed, file, date and time of access, volume of data transmitted, protocol on successfully access, browser type and version, the user's operating system, referrer URL (i.e. page previously visited), IP address and the requesting provider. If the user is using a mobile device, the access data additionally comprises: country code, language, name of device, name of operating system and version, GPS location data.

We use this access data only for statistical evaluations for the purpose of operation, security and optimization of our offer on the Pamono website. However, reserve the right to review these data at a later date, if concrete indications of unlawful use become known to us. This data is then stored as it is understood to be the only way to prevent misuse of our offer; if necessary this data will be reviewed to investigate past offenses. In this regard, since we are the party responsible for data processing, storing this data is necessary to ensure our security. This data will not be shared with third parties unless required by law or for the purpose of criminal prosecution.

1.3 Data collected when registering for the Pamono website and services; purchase data; payment data

We collect and store the following data (“registration data”) when you register on the Pamono website and create a customer account: first and last name, email address, password and other information, such as billing and shipping address. You can manage this data at any time by going to “User account” – “Overview” in the menu. Further we collect your data for the purpose of processing your orders on Pamono, and in order to process the sales contracts for goods purchased from our webshop (“purchase data”). This data includes: first and last name, billing address, shipping address.

The registration data, purchase data and any other data you provide in the course of registration will be used on the Pamono website only insofar as this data is required for us to fulfill the sales contract or for pre-contractual measures (i.e. use of the Pamono website and purchase of products in the webshop, including, without limitation, sending abandoned cart emails and other direct marketing about items you have expressed an interest in). (Legal basis Art. 6 Para. 1 lit. b DSGVO).

Payment data is not processed by us, but exclusively by our external provider Stripe.

1.4 Contacting us

When you contact us (for example by email), also outside of a contractual relationship with us, your details will be stored for the purpose of processing the request as well as in the event that follow-up questions arise.

1.5 Newsletter; Klaviyo

With the newsletter we inform the user about us and our offers. Only the user’s email address is needed to register for the newsletter. When a user registers for the newsletter, their email address is transmitted to both us and the email provider Klaviyo and is stored there. An email is sent to the user after they register for the newsletter, asking them to confirm the registration (“double opt-in”). The following information is stored with us and with our mail provider Klaviyo when a user subscribes to the newsletter: their IP address, the name of their device, their mail provider, the user’s first and last name, the date that they subscribed. This information is only stored in order to serve as evidence in case a third party subscribes to the newsletter by misusing another person’s email address without their consent.

To send our newsletter we use the service “Klaviyo” 125 Summer St, Floor 6 Boston, MA 02111 United States. For this purpose and on our behalf the following data is processed on Klaviyo’s servers in the USA: the user’s IP address, device name, mail provider, their first and last name, date.

We would like to point out that automated decision making (“profiling”) may take place when integrating Klaviyo. We use the Klaviyo service to analyze user behavior, for example whether users open the email or click on links in the email body. When opening the email the data contained therein (“web-beacon”) connects with Klaviyo’s servers in the USA to analyze user behavior. It also collects technical information such as IP address, browser type and operating system. Klaviyo participates in the EU-US Privacy Shield framework and Swiss-U.S. Privacy Shield framework. Klaviyo complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States.

Klaviyo's privacy policy can be found here:

The user can revoke their consent to their data and email address being stored and used to send the newsletter at any time. To revoke their consent, the user can use the link contained in the newsletter emails themselves or by notifying us via the contact options listed above, or, if applicable, contacting the mail provider directly; all of this is at no extra cost save for the cost of data transfer.

1.6 Data collected when registering as vendor and using the vendor portal; purchase data; payment data

We collect and store the following data (“vendor data”) when you register with Pamono as vendor: first and last name, contact person, email address, password, as well as further information, such as billing address, shipping address, payment data. You can manage this data at any time in the Vendor Portal by going to “settings” in the menu. Payment data is processed by us. The vendor data and any other data you provide in the course of registration will be used on the Pamono website only insofar as this data is required for us to fulfill the sales contract or for pre-contractual measures.

1.7 Legal bases of data processing

In general, the legal basis for data processing of data when using our website and services is Art. 6 (1) b. GDPR, i.e. the data is processed insofar as it is required to fulfill the sales contract between you and us or to fulfill pre-contractual measures that you requested. Art. 6 (1) a. GDPR is also the legal basis for the processing of data for specific purposes, provided and to the extent that you and/or the data subject have given their prior consent. You give your consent for example when you register as a customer and create a user account.

Art. 6 (1) c. GDPR is also the legal basis for any processing of your data by us when this is required to fulfill a legal obligation to which we and/or other responsible persons are subject. This can be the case for example when our data is collected when you visit our web page, if we choose this method to ensure security of our website and services.

Data processing may also be carried out on the basis of Art. 6 (1) e. GDPR, if this is necessary to perform a legal obligation in the public interest or in the exercise of official authority that we or the responsible party have been vested in.

Moreover, Art. 6 (1) f. GDPR also forms the legal basis for example when data is collected when visiting the Pamono website or when data is transmitted to our shareholders and external service providers. The processing takes place if it is necessary to safeguard our legitimate interests and does not outweigh your interests, fundamental rights and fundamental freedoms that might require the protection of personal data.

A legitimate interest is to be assumed in the case of a legitimate relationship between you (or the person in question) and us (or the responsible party), i.e. if you are a customer and/or user of our website and services.

For further details we refer to the explanations of processing operations in this privacy statement.

1.8 Automated decision-making (“profiling”)

We do not use profiling or automated decision-making when you visit our website and use our services. However, in individual cases it is possible that such profiling is carried out by the third-party providers we use. We point this out as much as possible in this privacy statement.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Examples of such profiling include the analysis of data (e.g. on the basis of statistical methods) with the aim of displaying personalised advertising to the user or giving shopping tips.

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is required by EU law or law of its member states to which the data controller is subject and such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) with explicit consent of the data subject. In these exceptions, the responsible party takes appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.

2. Is data transferred to third parties, and is it processed in other EU countries?

We only transfer personal data to third parties insofar as it is necessary in the framework of fulfilling the terms of the agreement and only within the scope stated in this privacy statement. Furthermore, data is only transmitted if we are legally obliged to do so or if the person concerned has given their consent and has not revoked it, or if this is necessary to enforce our rights. In some cases, processing may take place in other EU countries, but we make sure that the level of data protection is always in compliance with EU requirements.

2.1 Integration of external service providers

We work together with external service providers that support us in carrying out the online or offline steps necessary to execution of our service. We only transfer personal data to third parties insofar as it is permissible by law (i.e. in order to execution our service on the website, in accordance with Art. 6 (1) b. GDPR) or with your given consent (in accordance with Art. 6 (1) a. GDPR) or if you instruct us to do so. Please contact for more information.

This relates for example to the transmission of data to our shipping service provider(s). Moreover, as part of our affiliate program, we may share information with our affiliate partners who use the information on our behalf for marketing purposes and to improve our services. These affiliate partners process the data exclusively within the EU and in compliance with the relevant legal bases. Among other things, the affiliate partners receive the customer's ID.

2.2 Processing in other EU countries

Data may be transferred outside the EU when visiting or using the website – this is the case for the services of Google, Facebook or Twitter, as described in the section “Social Plugins”. The US companies offering Google, Facebook and Twitter services are each certified under the EU-US Privacy Shield agreement and thus guarantee compliance with EU data protection regulations.

Furthermore, your data will be processed by Mailchimp, located outside the EU, when you sign up for the newsletter.

Data may be transferred outside the EU when visiting or using the website. This is the case for example with the services of the payment service provider Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Stripe processes payment data in order to process payments on the website. Stripe, Inc. is certified according to the EU-US Privacy Shield agreement and thus guarantees compliance with data protection regulations in the EU. For more information about Stripe please refer to

3 Which services by third parties and which cookies are used?

3.1 Integration of third-party services and content

It is possible that third-party content is integrated within our website, such as videos hosted by YouTube, maps by Google Maps, RSS feeds or graphics from other websites. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the user’s IP address, since the IP address is required to send content to the user’s browser. The IP address is therefore required to display this content. Where possible, we will only use content whose respective third-party providers use the IP address solely for the delivery of the content and point this out accordingly. However, we have no influence on the actions of third-party providers if they store the IP address, e.g. for statistical purposes. The users will be informed if such behavior by third party service providers is known to us.

3.2 Cookies

Cookies are small files that are automatically stored on your access device that allow us to store information related to your device. On the one hand, cookies enhance the user-friendliness of websites and thus serve the users (e.g. by storing login data). On the other hand, they are used to collect statistical data on the use of the website and to analyze it in view of improving the Pamono website.

When the user visits the Pamono website, temporary “session cookies” are generated and stored on the user’s device, but they are deleted as soon as the user closes their browser window. The session cookies are stored at benötigt in order to assign successive page views to the respective users who access the platform at the same time.

The users can influence the use of cookies. Most browsers will allow you to erase cookies from your computer hard drive, or entirely block the acceptance of cookies. It should however be noted that this will affect user comfort.

Users can manage many companies’ advertisement cookies from by using the U.S. site or the EU site

3.3 Google Analytics

We use Google Analytics, a web analysis service of Google Inc, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on the users’ device to help the website analyze how they use the site. The cookie generates information such as browser type/version; operating system used; referrer URL (page previously visited); host name of the accessing computer (IP address); time of the server request when using the website. This information is usually transmitted to a Google server in the USA and stored there, but given that IP anonymization is activated on the Pamono website, our users’ IP addresses will be previously abbreviated within EU member states or other parties to the Agreement on the European Economic Area. This means that the full IP address will not be transmitted to a Google server in the USA and shortened there. IP anonymization is activated on the Pamono website. On behalf of the operator of this website Google will use this information to evaluate your usage of the website, to create reports on website activities and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google.

By using appropriate settings you can prevent the storage of cookies in your browser. In this case however we would like to point out that you might not be able to fully use all functions of the Pamono website(s). It is also possible to prevent the collection of data generated by the cookie and related to the usage of the website to Google as well as the processing of these data by Google by downloading and installing the browser plugin available here:

For more information please refer to Google's privacy policy:

3.4 Social plugins

Our website also contains social plugins which are used to connect the website to the following social networks: Facebook, Twitter and Pinterest.

By default these social plugins are deactivated and therefore no data gets transferred. If for example a user wants to share content that is on the Pamono website to one of these social networks, they must click on the corresponding button on the Pamono website. If the user is logged in to their user profile in that social network, it is only after a second click on that button, e.g. the “share” function, that their visit of the Pamono website will be put in relation to their user account on the given social network.

The user may deactivate this function at any time and manage it within the Pamono website by going to “Settings”. If the user does not want any data about their visit to the Pamono website to be collected by the social networks, they should log out of these social networks before visiting the Pamono website. However, if they activate the relevant social media buttons by clicking, cookies will still be generated that identify each visit to the the Pamono website. This function may therefore collect data and create a profile which may then be traced back to a specific natural person (please refer to the point “profiling” above). If you do not wish this to happen, just visit the Pamono website and click on the correct option to disable the function. Or you can set your browser to never accept any cookies; however, we would like to point out that in this case the functionality of the Pamono website can be limited.


Our website(s) and services use the social plugin for the social network Facebook, at, by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

Facebook's privacy policy can be found at https://de-


Our website(s) and services use the social plugin for the social network Twitter, at, by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”).

Twitter's privacy policy can be found at


Our website(s) and services use the social plugin for the services of Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA, and Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”).

Pinterest's privacy policy can be found at

3.5 Salesforce

We use the services of ", Inc." Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105 (usually abbreviated as SF or SFDC) an American cloud-based software company headquartered in San Francisco, California to store and process user data. For certain Services, for which they act as a data processor, Salesforce has certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

More information about Salesforce’s privacy practices can be read at

3.6 Segment

We use "Segment", Inc. 100 California Street, Suite 700 San Francisco, CA 94111 USA, in order to better understand our users’ needs and to optimize this service and experience.

Segment is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Segment uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Segment stores this information in a pseudonymized user profile. Neither Segment nor we will ever use this information to identify individual users or to match it with further data on an individual user., Inc. (“Segment” or “we”, “us” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to it in the United States from the European Economic Area (“EEA”) or Switzerland, respectively.

For further details, please see Segment’s privacy policy at

You can opt-out to the creation of a user profile, Segment’s storing of data about your usage of our site and Segment's use of tracking cookies on other websites by following this opt-out link.

3.7 Formassembly

We use "Form Assembly" FormAssembly Inc. 885 S College Mall Rd, #399, Bloomington, IN 47401, USA, to process form data submitted securely through the Website. For more information about Form Assembly's privacy practices, please see Form Assembly Privacy Policy at

FormAssembly Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States, respectively.

3.8 Facebook conversion pixels

We use the “Custom Audience pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. With its help, we can keep track of what users do after they see or click on a Facebook advertisement. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found at You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.

Please click here if you would like to withdraw your consent

3.9 Amazon Web Services

We use "Amazon Web Services" Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, to host our Website. We collect standard Internet log files to enable us to troubleshoot the Website's infrastructure.

For more information about the privacy practices of Amazon Web Services, see Amazon Web Services Privacy Policy at


We use Groove, at, GROOVE LABS INC. (“GROOVE”), 660 4th Street #684 San Francisco, CA94107 United States, to inform users about us and our offers. Groove has certified that it complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. If there is any conflict between the policies in this privacy policy and the Privacy Shield Framework, the Privacy Shield Framework shall govern. Groove is subject to the investigatory and enforcement powers of the FederalTrade Commission (FTC). You can find more about their privacy policy here (


We use "Replyify" ( Replyify may collect two types of data about users: (1) information that we or others voluntarily submit to them and technical data automatically collected from all visitors to the Replyify Service. They may transfer Personal Information to companies that help them provide their Services. Transfers to subsequent third parties are covered by the Data Processing Agreements with our customers. Repliyify does not sell Personal Information to any third party. Replyify does not share your personally identifiable information with other organizations for their marketing or promotional uses without prior consent. You can find more about their privacy policy here (

4. Your rights: information, correction, deletion, restriction of processing, revocation, data portability, right of appeal

4.1 Right of access to stored personal data

Every user has a right to access the personal data stored about their person at any time and free of charge.

This right of access to stored personal data includes the right to know whether personal data concerning the data subject is being processed and, if so, the following related information:

purpose(s) of data processing; categories of personal data being processed; recipient(s) or categories of recipient(s) who the personal data has been disclosed to or is currently being disclosed to, especially in the case of recipients established in third countries or international organisations;

if possible the planned duration that personal data is to be stored for, or, if this is not possible to tell, the criteria that determine this duration;

the existence of a right of correction or deletion of the user’s personal data or restrictions of processing by the party responsible or of a right of opposition to such processing; the existence of a right to lodge complaints with a regulatory authority;

if the personal data is not collected from the data subject themselves, all available information about the data’s origin; the existence of automated decision-making including profiling (according to GDPR) and – at least in these cases – relevant information about the applied logic as well as the scope and the intended effects of such processing for the data subject.

The right of access to stored personal data does not exist if the data is only stored because it may not be deleted by reason of statutory, constitutional and contractual regulations on retention and for data backup and data protection control, and if therefore the provision of information would require disproportionate effort, and if appropriate technical and organizational measures preclude processing of personal data for further purposes.

4.2 Revocation

The user has the right to revoke their consent regarding the use, processing or transmission of their data at any time. To this end the user can contact us at

In the case of the withdrawal of your consent for the storing, processing and use of your personal data, we will immediately delete all of your saved data. This does not apply if compelling legitimate grounds are given for processing that outweigh your interests, fundamental rights and fundamental freedoms or if data processing is required to establish, exercise or defend legal claims.

We will therefore continue to use this data, for example, if it is still necessary for the implementation of the contractual relationship, for example.

4.3 Rectification and integration of data

You have the right to have any inaccurate personal data immediately corrected. You have the right to request the rectification of your personal data (for example by submitting an explanation about the inaccuracy of the data) in view of the given processing purposes. For this purpose please contact

4.4 Erasure (“Right to be forgotten”)

You have the right to demand that we delete your personal data immediately. For this, please contact

Your personal data will be deleted immediately in the following cases:

if we no longer need your personal data for the purposes for which they were initially collected or otherwise processed;

if you revoke your consent that formed the basis for the processing, and there is no other legal basis for processing;

if you object to the processing and there are no proper overriding legitimate reasons for processing;

if the personal data has been unlawfully collected.

if the deletion of the personal data is required to fulfil a legal obligation under EU law or the law of the Member States to which we are subject;

if the personal data relating to information society services offered directly was collected from a child under 16 years of age without parental consent.

When a customer account is deleted, their data that had been stored in the internal database is also deleted, except if data processing is required to establish, exercise or defend legal claims, such as fulfilment of contractual obligations with Pamono (cf. paragraph 5) or if legal retention periods prevent deletion.

Data will not be deleted if processing of the data is necessary (i) to perform a legal obligation in the public interest or in the exercise of official authority that we have been vested in; (ii) to exercise the right to free speech and information; (iii) on grounds of public interest in the field of public health; or (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, if the right to deletion presents a serious obstacle to reaching the objectives of this processing or makes it.

In the case of non-automated data processing, data need not be deleted if it this would require disproportionate effort or if it is impossible, and if your interest in deleting is seen as small. In this case, data processing will be restricted instead of the data erased.

Moreover, we will restrict data processing rather than delete the data as long and as far as we have reason to believe that erasure would adversely affect legitimate interests of the data subject. We will inform the data subject of the restriction of processing if doing so is not impossible or would not involve a disproportionate effort.

Please also refer to the following sections 4.5 and 5 below.

4.5 Right to restriction of processing

You have the right to request us to restrict the processing of your personal data if one of the following conditions is met: (i) The accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data; (ii) The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data; (iii) We no longer need the personal data for the purposes of processing, you need the data to assert, exercise or defend legal claims; or (iv) You have filed an objection against the processing and it is not yet clear whether the legitimate reasons of our company outweigh your legitimate reasons for the objection. If the above conditions are met and you wish to have your personal data stored by us restricted, you can contact us at at any time. We will then arrange for processing to be restricted. If you have been confirmed that the processing of your personal data is restricted, we will inform you in advance if we lift this restriction again.

Instead of personal data being deleted, its processing may be restricted. Please refer to the previous section for more details.

4.6 Right to data portability

You have the right to receive your personal data (that you have provided to us) in a structured, commonly used and machine-readable format. For this, please contact us at You also have the right to transmit those data to another controller without hindrance from us (who was provided with the personal data), provided that the processing is based on consent or on a contract to which the data subject is a party and provided that the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

This right shall apply if it adversely affects the rights and freedoms of others, or if processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4.7 Right of appeal

You always have the right to appeal the processing of your personal data to a supervisory authority of your choice. In Germany the authorities responsible for data protection are those that enforce the respective federal state laws.

5. Duration of storage of personal data; deadlines for deletion

As a general rule we only keep the personal information for as long as it is necessary to fulfill the contractual obligations or in regard to a given purpose, and we limit the storage period to an absolutely necessary minimum.

The duration of storage may vary in the case of longer-term contractual relationships, such as e.g. when using our website(s) and services, but as a rule are limited to the duration of the given contractual relationship or, with regard to inventory data, the maximum is set to the statutory retention periods (e.g. in accordance with Handelsgesetzbuch (HGB) [German Commercial Code] and Abgabenordnung (AO) [German Fiscal Code].

The duration of storage depends on, among other things, whether the data is still current, whether the contractual relationship with us still exists or whether an inquiry has already been processed, whether a process has been completed or not and whether legal retention periods for the personal data concerned are pertinent or not.

6. Data security, scope of application

6.1 Data security

In order to ensure the best possible standard of protection for your personal data, the Pamono website offers a secure SSL connection between the user's server and the browser, i.e. the data is transmitted securely using encryption.

When using our website and services, user data are stored on servers within the EU. We use the server provider Maxcluster GmbH, Technologiepark 8, 33100 Paderborn, Germany, which processes the data on our behalf.

It should be specifically noted that with current technology the security of data transmission via open networks such as the internet cannot be fully guaranteed. You are aware of the fact that, from a technical point of view, the provider can at any time view the pages stored on the web server and other stored data that concerns you. You are fully responsible for ensuring that the data that you transmit through the Internet and store on web servers are protected and secure. We are not liable for disclosure of personal information due to errors in transmission and/or unauthorized access by third parties.

6.2 Availability and validity of privacy statement; modifications

You can view, download and print out this privacy statement at any time on our website at

We have the right to modify this privacy statement in compliance with the relevant regulations.

7. Responsible party for data protection; contact


Please contact us by email at if you have any questions about data protection.