Pamono GmbH, Uhlandstraße 175, 10719 Berlin, Germany, (“Pamono”, “we / us / our”), as operator of the website www.pamono.de, www.pamono.com and country domains (each henceforth called “Pamono website”) and of a home furnishings webshop (“offer”) is responsible for the personal information collected on the website. Pamono GmbH is registered with the commercial register of the district court Charlottenburg under the number HRB 148132 B and is represented by the managing directors Oliver Weyergraf, Letizia Luperini Enciso and Christian Ahrendt.
Contact us at email@example.com if you have questions about privacy.
|Responsible Party & Contact||
Uhlandstr. 175, 10719 Berlin, Germany, registered with the commercial register of the district court Charlottenburg under HRB 148132 B, represented by the managing directors Oliver Weyergraf, Letizia Luperini Enciso, and Christian Ahrendt.
|Transfer of data to countries outside of the EU||Because Pamono works with third-party service providers, your data may be transferred to countries outside the EU when you use our website and services. These third-party service providers however guarantee compliance with EU data protection laws. For more details please refer to the privacy statement below.|
|Deletion of data||Because Pamono works with third-party service providers, your data may be transferred to countries outside the EU when you use our website and services. These third-party service providers however guarantee compliance with EU data protection laws. For more details please refer to the privacy statement below.|
|Right to object / Your rights||You have the right to object to the use of your personal data – which has been collected and processed with your explicit consent – for direct marketing purposes at any time with effect to the future. You are entitled to demand information about your saved personal data at any time and to receive it in a structured, standard and machine-readable format, and to request that your stored data be corrected or deleted in case it is incorrect or the data storage itself is not permissible. Simply contact us about this using the contact options listed above. It is your or the data subject’s right of appeal to the supervisory authority. A list of data protection authorities can be found here: bfdi.bund.de or ec.europa.eu.|
|Data security||In order to afford optimal protection of your data, the website uses a secure SSL connection between our server and the browser, i.e. the data is transmitted in encrypted form. We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.|
Table of contents:
1. What is personal data? How does Pamono use the data of visitors to its website(s)? What are the legal bases for the processing of this data? Does Pamono use profiling?
2. Is the data shared with third parties? Is the data processed in other EU countries?
3. Which third-party services and offers and what kind of cookies does Pamono use?
4. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of appeal
5. Duration of the storage of personal data; deletion periods
6. Data security, scope of application
7. Responsible party and contact person in matters of data protection
1. What is personal data? How does Pamono use the data of visitors to its website(s)? What are the legal bases for the processing of this data? Does Pamono use profiling?
1.1 Personal data and consent
Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal data is information such as name, email address or telephone number, but also information about hobbies, memberships or which other websites were visited by the data subject.
We only collect, use and share personal data in accordance with what is legally permissible, and with the user’s consent.
Consent is any voluntarily given, unambiguous statement of agreement in a specific case, given in an informed manner in the form of a statement, or other clearly affirming consenting action, with which the data subject indicates that they agree to the processing of their personal data.
1.2 Visiting the Pamono website
We (or the webspace provider) collect data on each of your visit to the Pamono website (this data is referred to as “server log files”) (“access data”). This access data includes: name of the website accessed, file, date and time of access, volume of data transmitted, protocol on successfully access, browser type and version, the user's operating system, referrer URL (i.e. page previously visited), IP address and the requesting provider. If the user is using a mobile device, the access data additionally comprises: country code, language, name of device, name of operating system and version, GPS location data.
We use this access data only for statistical evaluations for the purpose of operation, security and optimization of our offer on the Pamono website. However, reserve the right to review these data at a later date, if concrete indications of unlawful use become known to us. This data is then stored as it is understood to be the only way to prevent misuse of our offer; if necessary this data will be reviewed to investigate past offenses. In this regard, since we are the party responsible for data processing, storing this data is necessary to ensure our security. This data will not be shared with third parties unless required by law or for the purpose of criminal prosecution.
1.3 Data collected when registering for the Pamono website and services; purchase data; payment data
We collect and store the following data (“registration data”) when you register on the Pamono website and create a customer account: first and last name, email address, password and other information, such as billing and shipping address. You can manage this data at any time by going to “User account” – “Overview” in the menu. Further we collect your data for the purpose of processing your orders on Pamono, and in order to process the sales contracts for goods purchased from our webshop (“purchase data”). This data includes: first and last name, billing address, shipping address.
The registration data, purchase data and any other data you provide in the course of registration will be used on the Pamono website only insofar as this data is required for us to fulfill the sales contract or for pre-contractual measures, i.e. use of the Pamono website and purchase of products in the webshop.
Payment data is not processed by us, but exclusively by our external provider Stripe.
1.4 Contacting us
When you contact us (for example by email), also outside of a contractual relationship with us, your details will be stored for the purpose of processing the request as well as in the event that follow-up questions arise.
1.5 Newsletter; Mailchimp
With the newsletter we inform the user about us and our offers. Only the user’s email address is needed to register for the newsletter. When a user registers for the newsletter, their email address is transmitted to both us and the email provider Mailchimp and is stored there. An email is sent to the user after they register for the newsletter, asking them to confirm the registration (“double opt-in”). The following information is stored with us and with our mail provider Mailchimp when a user subscribes to the newsletter: their IP address, the name of their device, their mail provider, the user’s first and last name, the date that they subscribed. This information is only stored in order to serve as evidence in case a third party subscribes to the newsletter by misusing another person’s email address without their consent.
To send our newsletter we use the service “Mailchimp” by Rocket Science Group LLC (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). For this purpose and on our behalf the following data is processed on Mailchimp’s servers in the USA: the user’s IP address, device name, mail provider, their first and last name, date.
The user can revoke their consent to their data and email address being stored and used to send the newsletter at any time. To revoke their consent, the user can use the link contained in the newsletter emails themselves or by notifying us via the contact options listed above, or, if applicable, contacting the mail provider directly; all of this is at no extra cost save for the cost of data transfer.
1.6 Data collected when registering as vendor and using the vendor portal; purchase data; payment data
We collect and store the following data (“vendor data”) when you register with Pamono as vendor: first and last name, contact person, email address, password, as well as further information, such as billing address, shipping address, payment data. You can manage this data at any time in the Vendor Portal by going to “settings” in the menu. Payment data is processed by us. The vendor data and any other data you provide in the course of registration will be used on the Pamono website only insofar as this data is required for us to fulfill the sales contract or for pre-contractual measures.
1.7 Legal bases of data processing
In general, the legal basis for data processing of data when using our website and services is Art. 6 (1) b. GDPR, i.e. the data is processed insofar as it is required to fulfill the sales contract between you and us or to fulfill pre-contractual measures that you requested. Art. 6 (1) a. GDPR is also the legal basis for the processing of data for specific purposes, provided and to the extent that you and/or the data subject have given their prior consent. You give your consent for example when you register as a customer and create a user account.
Art. 6 (1) c. GDPR is also the legal basis for any processing of your data by us when this is required to fulfill a legal obligation to which we and/or other responsible persons are subject. This can be the case for example when our data is collected when you visit our web page, if we choose this method to ensure security of our website and services.
Data processing may also be carried out on the basis of Art. 6 (1) e. GDPR, if this is necessary to perform a legal obligation in the public interest or in the exercise of official authority that we or the responsible party have been vested in.
Moreover, Art. 6 (1) f. GDPR also forms the legal basis for example when data is collected when visiting the Pamono website or when data is transmitted to our shareholders and external service providers. The processing takes place if it is necessary to safeguard our legitimate interests and does not outweigh your interests, fundamental rights and fundamental freedoms that might require the protection of personal data.
A legitimate interest is to be assumed in the case of a legitimate relationship between you (or the person in question) and us (or the responsible party), i.e. if you are a customer and/or user of our website and services.
For further details we refer to the explanations of processing operations in this privacy statement.
1.8 Automated decision-making (“profiling”)
We do not use profiling or automated decision-making when you visit our website and use our services. However, in individual cases it is possible that such profiling is carried out by the third-party providers we use. We point this out as much as possible in this privacy statement.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Examples of such profiling include the analysis of data (e.g. on the basis of statistical methods) with the aim of displaying personalised advertising to the user or giving shopping tips.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is required by EU law or law of its member states to which the data controller is subject and such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) with explicit consent of the data subject. In these exceptions, the responsible party takes appropriate measures to safeguard the data subject’s rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person by the data controller, to state their own position and to challenge the decision.
2. Is data transferred to third parties, and is it processed in other EU countries?
We only transfer personal data to third parties insofar as it is necessary in the framework of fulfilling the terms of the agreement and only within the scope stated in this privacy statement. Furthermore, data is only transmitted if we are legally obliged to do so or if the person concerned has given their consent and has not revoked it, or if this is necessary to enforce our rights. In some cases, processing may take place in other EU countries, but we make sure that the level of data protection is always in compliance with EU requirements.
2.1 Integration of external service providers
We work together with external service providers that support us in carrying out the online or offline steps necessary to execution of our service. We only transfer personal data to third parties insofar as it is permissible by law (i.e. in order to execution our service on the website, in accordance with Art. 6 (1) b. GDPR) or with your given consent (in accordance with Art. 6 (1) a. GDPR) or if you instruct us to do so. Please contact firstname.lastname@example.org for more information.
This relates for example to the transmission of data to our shipping service provider(s). Moreover, as part of our affiliate program, we may share information with our affiliate partners who use the information on our behalf for marketing purposes and to improve our services. These affiliate partners process the data exclusively within the EU and in compliance with the relevant legal bases. Among other things, the affiliate partners receive the customer's ID.
2.2 Processing in other EU countries
Data may be transferred outside the EU when visiting or using the website – this is the case for the services of Google, Facebook or Twitter, as described in the section “Social Plugins”. The US companies offering Google, Facebook and Twitter services are each certified under the EU-US Privacy Shield agreement and thus guarantee compliance with EU data protection regulations.
Furthermore, your data will be processed by Mailchimp, located outside the EU, when you sign up for the newsletter.
Data may be transferred outside the EU when visiting or using the website. This is the case for example with the services of the payment service provider Stripe, Inc. 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Stripe processes payment data in order to process payments on the website. Stripe, Inc. is certified according to the EU-US Privacy Shield agreement and thus guarantees compliance with data protection regulations in the EU. For more information about Stripe please refer to https://stripe.com/de/privacy.
3 Which services by third parties and which cookies are used?
3.1 Integration of third-party services and content
It is possible that third-party content is integrated within our website, such as videos hosted by YouTube, maps by Google Maps, RSS feeds or graphics from other websites. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the user’s IP address, since the IP address is required to send content to the user’s browser. The IP address is therefore required to display this content. Where possible, we will only use content whose respective third-party providers use the IP address solely for the delivery of the content and point this out accordingly. However, we have no influence on the actions of third-party providers if they store the IP address, e.g. for statistical purposes. The users will be informed if such behavior by third party service providers is known to us.
Cookies are small files that are automatically stored on your access device that allow us to store information related to your device. On the one hand, cookies enhance the user-friendliness of websites and thus serve the users (e.g. by storing login data). On the other hand, they are used to collect statistical data on the use of the website and to analyze it in view of improving the Pamono website.
When the user visits the Pamono website, temporary “session cookies” are generated and stored on the user’s device, but they are deleted as soon as the user closes their browser window. The session cookies are stored at benötigt in order to assign successive page views to the respective users who access the platform at the same time.
Users can manage many companies’ advertisement cookies from by using the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices.
3.3 Google Analytics
We use Google Analytics, a web analysis service of Google Inc, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on the users’ device to help the website analyze how they use the site. The cookie generates information such as browser type/version; operating system used; referrer URL (page previously visited); host name of the accessing computer (IP address); time of the server request when using the website. This information is usually transmitted to a Google server in the USA and stored there, but given that IP anonymization is activated on the Pamono website, our users’ IP addresses will be previously abbreviated within EU member states or other parties to the Agreement on the European Economic Area. This means that the full IP address will not be transmitted to a Google server in the USA and shortened there. IP anonymization is activated on the Pamono website. On behalf of the operator of this website Google will use this information to evaluate your usage of the website, to create reports on website activities and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google.
By using appropriate settings you can prevent the storage of cookies in your browser. In this case however we would like to point out that you might not be able to fully use all functions of the Pamono website(s). It is also possible to prevent the collection of data generated by the cookie and related to the usage of the website to Google as well as the processing of these data by Google by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=de
3.4 Social plugins
Our website also contains social plugins which are used to connect the website to the following social networks: Facebook, Twitter and Pinterest.
By default these social plugins are deactivated and therefore no data gets transferred. If for example a user wants to share content that is on the Pamono website to one of these social networks, they must click on the corresponding button on the Pamono website. If the user is logged in to their user profile in that social network, it is only after a second click on that button, e.g. the “share” function, that their visit of the Pamono website will be put in relation to their user account on the given social network.
The user may deactivate this function at any time and manage it within the Pamono website by going to “Settings”. If the user does not want any data about their visit to the Pamono website to be collected by the social networks, they should log out of these social networks before visiting the Pamono website. However, if they activate the relevant social media buttons by clicking, cookies will still be generated that identify each visit to the the Pamono website. This function may therefore collect data and create a profile which may then be traced back to a specific natural person (please refer to the point “profiling” above). If you do not wish this to happen, just visit the Pamono website and click on the correct option to disable the function. Or you can set your browser to never accept any cookies; however, we would like to point out that in this case the functionality of the Pamono website can be limited.
Our website(s) and services use the social plugin for the social network Facebook, at facebook.com, by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
Our website(s) and services use the social plugin for the social network Twitter, at twitter.com, by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”).
Our website(s) and services use the social plugin for the services of Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA, and Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”).
We use the services of Advertising Limited, Level 6 1, Burlington Plaza, Burlington Road, Dublin 4, Ireland (“AdRoll”) to display advertisements that are of interest for our users.
If the user visits a website operated by us or a third party and on which AdRoll can display an advertisement for us, AdRoll may process data such as activity on the Pamono website, and information about device and browser. For example, if the user visits the Pamono website and searches for a specific product there, AdRoll (or other platforms that AdRoll works with) may display targeted advertisements for the product they looked at on the Pamono website to the user later, while they’re surfing the Internet.
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
4. Your rights: information, correction, deletion, restriction of processing, revocation, data portability, right of appeal
4.1 Right of access to stored personal data
Every user has a right to access the personal data stored about their person at any time and free of charge.
This right of access to stored personal data includes the right to know whether personal data concerning the data subject is being processed and, if so, the following related information:
purpose(s) of data processing; categories of personal data being processed; recipient(s) or categories of recipient(s) who the personal data has been disclosed to or is currently being disclosed to, especially in the case of recipients established in third countries or international organisations;
if possible the planned duration that personal data is to be stored for, or, if this is not possible to tell, the criteria that determine this duration;
the existence of a right of correction or deletion of the user’s personal data or restrictions of processing by the party responsible or of a right of opposition to such processing; the existence of a right to lodge complaints with a regulatory authority;
if the personal data is not collected from the data subject themselves, all available information about the data’s origin; the existence of automated decision-making including profiling (according to GDPR) and – at least in these cases – relevant information about the applied logic as well as the scope and the intended effects of such processing for the data subject.
The right of access to stored personal data does not exist if the data is only stored because it may not be deleted by reason of statutory, constitutional and contractual regulations on retention and for data backup and data protection control, and if therefore the provision of information would require disproportionate effort, and if appropriate technical and organizational measures preclude processing of personal data for further purposes.
The user has the right to revoke their consent regarding the use, processing or transmission of their data at any time. To this end the user can contact us at email@example.com.
In the case of the withdrawal of your consent for the storing, processing and use of your personal data, we will immediately delete all of your saved data. This does not apply if compelling legitimate grounds are given for processing that outweigh your interests, fundamental rights and fundamental freedoms or if data processing is required to establish, exercise or defend legal claims.
We will therefore continue to use this data, for example, if it is still necessary for the implementation of the contractual relationship, for example.
4.3 Rectification and integration of data
You have the right to have any inaccurate personal data immediately corrected. You have the right to request the rectification of your personal data (for example by submitting an explanation about the inaccuracy of the data) in view of the given processing purposes. For this purpose please contact firstname.lastname@example.org.
4.4 Erasure (“Right to be forgotten”)
You have the right to demand that we delete your personal data immediately. For this, please contact email@example.com
Your personal data will be deleted immediately in the following cases:
if we no longer need your personal data for the purposes for which they were initially collected or otherwise processed;
if you revoke your consent that formed the basis for the processing, and there is no other legal basis for processing;
if you object to the processing and there are no proper overriding legitimate reasons for processing;
if the personal data has been unlawfully collected.
if the deletion of the personal data is required to fulfil a legal obligation under EU law or the law of the Member States to which we are subject;
if the personal data relating to information society services offered directly was collected from a child under 16 years of age without parental consent.
When a customer account is deleted, their data that had been stored in the internal database is also deleted, except if data processing is required to establish, exercise or defend legal claims, such as fulfilment of contractual obligations with Pamono (cf. paragraph 5) or if legal retention periods prevent deletion.
Data will not be deleted if processing of the data is necessary (i) to perform a legal obligation in the public interest or in the exercise of official authority that we have been vested in; (ii) to exercise the right to free speech and information; (iii) on grounds of public interest in the field of public health; or (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, if the right to deletion presents a serious obstacle to reaching the objectives of this processing or makes it.
In the case of non-automated data processing, data need not be deleted if it this would require disproportionate effort or if it is impossible, and if your interest in deleting is seen as small. In this case, data processing will be restricted instead of the data erased.
Moreover, we will restrict data processing rather than delete the data as long and as far as we have reason to believe that erasure would adversely affect legitimate interests of the data subject. We will inform the data subject of the restriction of processing if doing so is not impossible or would not involve a disproportionate effort.
Please also refer to the following sections 4.5 and 5 below.
4.5 Right to restriction of processing
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met: (i) The accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data; (ii) The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data; (iii) We no longer need the personal data for the purposes of processing, you need the data to assert, exercise or defend legal claims; or (iv) You have filed an objection against the processing and it is not yet clear whether the legitimate reasons of our company outweigh your legitimate reasons for the objection. If the above conditions are met and you wish to have your personal data stored by us restricted, you can contact us at firstname.lastname@example.org at any time. We will then arrange for processing to be restricted. If you have been confirmed that the processing of your personal data is restricted, we will inform you in advance if we lift this restriction again.
Instead of personal data being deleted, its processing may be restricted. Please refer to the previous section for more details.
4.6 Right to data portability
You have the right to receive your personal data (that you have provided to us) in a structured, commonly used and machine-readable format. For this, please contact us at email@example.com. You also have the right to transmit those data to another controller without hindrance from us (who was provided with the personal data), provided that the processing is based on consent or on a contract to which the data subject is a party and provided that the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
This right shall apply if it adversely affects the rights and freedoms of others, or if processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4.7 Right of appeal
You always have the right to appeal the processing of your personal data to a supervisory authority of your choice. In Germany the authorities responsible for data protection are those that enforce the respective federal state laws.
5. Duration of storage of personal data; deadlines for deletion
As a general rule we only keep the personal information for as long as it is necessary to fulfill the contractual obligations or in regard to a given purpose, and we limit the storage period to an absolutely necessary minimum.
The duration of storage may vary in the case of longer-term contractual relationships, such as e.g. when using our website(s) and services, but as a rule are limited to the duration of the given contractual relationship or, with regard to inventory data, the maximum is set to the statutory retention periods (e.g. in accordance with Handelsgesetzbuch (HGB) [German Commercial Code] and Abgabenordnung (AO) [German Fiscal Code].
The duration of storage depends on, among other things, whether the data is still current, whether the contractual relationship with us still exists or whether an inquiry has already been processed, whether a process has been completed or not and whether legal retention periods for the personal data concerned are pertinent or not.
6. Data security, scope of application
6.1 Data security
In order to ensure the best possible standard of protection for your personal data, the Pamono website offers a secure SSL connection between the user's server and the browser, i.e. the data is transmitted securely using encryption.
When using our website and services, user data are stored on servers within the EU. We use the server provider Maxcluster GmbH, Technologiepark 8, 33100 Paderborn, Germany, which processes the data on our behalf.
It should be specifically noted that with current technology the security of data transmission via open networks such as the internet cannot be fully guaranteed. You are aware of the fact that, from a technical point of view, the provider can at any time view the pages stored on the web server and other stored data that concerns you. You are fully responsible for ensuring that the data that you transmit through the Internet and store on web servers are protected and secure. We are not liable for disclosure of personal information due to errors in transmission and/or unauthorized access by third parties.
6.2 Availability and validity of privacy statement; modifications
You can view, download and print out this privacy statement at any time on our website at https://www.pamono.com/privacy/
We have the right to modify this privacy statement in compliance with the relevant regulations.
7. Responsible party for data protection; contact
Please contact us by email at firstname.lastname@example.org if you have any questions about data protection.