privacy policy

Information on the processing of personal data pursuant to and for the purposes of Art. 13 of New European Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)

Your privacy

Poke House S.p.A. with its registered office in Milan, at Corso Giuseppe Garibaldi, 12, Tax code and VAT No. 10300540969 (hereinafter referred to as “Poke”) is constantly committed to protecting the privacy of its users. This document has been drafted pursuant to Art. 13 of EU Regulation No. 679/2016 (hereinafter referred to as the “Regulation”) in order to allow you to know how your personal information is handled when you (i) browse the www.pokehouse.it website, (ii) reach squad.pokehouse.it by scanning our QR code on the website and/or on promotional materials (flyers, in-store material, etc.), and (iii) you use Poke House Squad (hereinafter referred to as the “Mobile Wallet”), which enables you to be kept up-to-date on all the latest initiatives and offers dedicated to you ((i), (ii), and (iii), hereinafter, jointly referred to as the “Platforms”) and, where appropriate, to give your express and informed consent to the processing of your personal data.
In accordance with the Regulation, the processing of data carried out by Poke shall be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimisation, accuracy, integrity and confidentiality.
Moreover, we would like to remind you that the services provided by Poke via the Platforms are only intended for people over the age of 18. For people under 18 years of age, the use of the services is only permitted with the consent of their parents or legal guardian. Should Poke become aware of personal data belonging to individuals under the age of 18 without the valid consent of a relative or legal guardian, it shall immediately delete such data.
If you would like more detailed information on how Poke handles your personal data please also read our Cookie Policy, which contains information regarding (i) the use of cookies on the Platforms as well as (ii) the terms and conditions of our services.

Please note that some of our services may be subject to specific legal terms, in which case, we shall provide you with all the appropriate information on a case-by-case basis.

1. The data controller

The Data Controller responsible for processing your data is Poke House S.r.l. with its registered office in Milan, at Corso Giuseppe Garibaldi 12, Tax code and VAT No. 10300540969 (hereinafter referred to as “Poke”). You can contact the Data Controller at any time by sending a request to privacy@pokehouse.it, should you require any clarification, question or need relating to your privacy and the processing of your personal data.
 

2. Types of data processed and purposes of processing

Poke processes the personal information you provide when you place an order and purchase products, alongside the information it collects while you browse or use the services available on the Website, as well as the information you provide by registering for the Newsletter.

Poke may then collect data about you such as, for example:

If you do not wish to receive any further communications from Poke or decide to withdraw your consent, you can let us know by simply clicking on the “unsubscribe” link at the bottom of each communication, accessing your Mobile Wallet and clicking on the three dots at the top right of the card, and/or by contacting our Customer Service Department by sending an e-mail to privacy@pokehouse.it.
Please note that you may receive further communications from us even after your unsubscription request has been submitted, as some items may have already been planned and our systems may take some time to process your request.

In relation to all the above-mentioned activities, we shall process your personal data mainly through IT and electronic tools; the tools we use guarantee high security standards in full compliance with the regulations currently in force.

Your personal data is processed for the following purposes:

Personal data provided by you voluntarily

This privacy policy is also intended for the processing of personal data provided by you voluntarily via the Platforms.

Third party personal data provided by you voluntarily

When using particular services on the Platforms, third-party personal data directly sent by you to Poke could be processed. With respect to these hypotheses, you are the autonomous data controller and therefore take on all relevant legal obligations and responsibilities. In this sense, you shall hold Poke harmless and unaccountable for any liability with respects to any dispute, claim and/or request for compensation for damage caused to Poke by third parties whose personal data has been processed through your own use of the Platform services in breach of applicable data protection regulations. In any case, should you provide or otherwise process third party personal data while using the Platforms, from here onwards, you guarantee – taking on all pertinent responsibilities – that this particular processing hypothesis is based on your prior acquisition of the third party’s consent to the processing of any relevant information.
 

3. Legal basis for processing personal data

The legal basis for processing your personal data for the purposes referred to in Article 3 letters a) and b) is Article 6(1)(b) of the Regulation ([…] the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures adopted at the request of the same), as the processing is required for the provision of our services. The provision of your data for these purposes is optional, but failure to provide/withdraw your data would make it impossible for Poke to provide you with its services.
The purpose referred to in Article 3 letter c) represents a legitimate processing of your data pursuant to Article 6(1)(c) of the Regulation ([…] the processing is necessary in order to fulfil a legal obligation to which the data controller is subject). In fact, once the data has been provided, the processing is indeed necessary in order to fulfil a legal obligation to which Poke is subject.
The processing of your data carried out mainly for marketing purposes as per Article 3 letters d), e) and f) is based on the provision of your consent pursuant to Article 6(1)(a) ([…] the data subject has given his or her consent to the processing of his/her personal data for one or more specific purposes). The provision of your data for the aforementioned purposes is therefore entirely optional and does not jeopardise the use of the services provided on the Platforms by Poke. Should you wish to object to the processing of your data for the aforementioned purposes, you can contact us at any time at the following address: privacy@pokehouse.it.
The processing operations carried out for profiling purposes referred to in Article 3 letter g) are based on the provision of your consent pursuant to Article 6(1)(a) ([…] the data subject has given consent to the processing of his/her personal data for one or more specific purposes) and Article 22(2)(c) of the Regulation.
 

4. Geolocation

Among the services available on the Platforms, there is the possibility for the user to receive push notifications specifying that you are in the vicinity of a local Poke, however only after express consent has been given. This location data is neither transmitted nor made accessible by Poke outside your mobile device; Therefore, Poke does not process this data.
On the contrary, with your express permission, Apple and/or Google systems process your location data for the purpose of providing you with services (e.g. suggesting your nearest locality). In any case, the possibility to deny access to your location data through the settings of your device remains unaffected.
 

5. Data processors

Your personal data is processed by personnel that has been trained and instructed by Poke in its capacity as a Data Controller. Your data may also be processed by entities other than Poke, in compliance with laws currently in force.
Should some of these entities be based in non-EU countries, the transfer of your personal data to such countries shall be carried out in compliance with the guarantees provided for by law.
 

6. Transfer of personal data

Furthermore, your data can be shared with:
Your personal data is stored on servers and processed by Poke within the European Economic Area. Poke ensures that the processing of your data by these Recipients takes place in compliance with the Regulation.
Poke ensures that the processing of your data by these Recipients takes place in compliance with the Regulation.
Indeed, transfers may be based on the adoption of an adequacy decision, on Standard Contractual Clauses approved by the European Commission or on another appropriate legal basis.
 

7. Data retention period

Your personal data is kept for a limited period of time depending on the purpose for which it was collected. At the end of this period, your personal data shall be deleted, made irreversibly anonymous, and/or disabled. The period of retention changes depending on the processing purpose: for example, the data used to send you our newsletters is retained until you ask us to stop sending them and to remove you from our mailing list.

More specifically: data processed for the purposes referred to in Article 3 letters a) and b) shall be kept for the time strictly necessary to achieve those purposes. In any case, since the processing is carried out for the provision of services, Poke shall retain your data for the period of time provided for and permitted by Italian law in order to protect its interests (Art. 2946 of the Italian Civil Code and subsequent amendments and additions.

The data processed for the purposes referred to in Article 3 letter c) shall be retained for the time provided for by the specific obligation or rule of applicable law.
For the purposes referred to in Article 3 letters d), e), f) and g), your data shall be processed, as a general rule, until your consent is withdrawn. In any case, Poke applies rules that prevent data retention for an indefinite period of time and limits the retention time in compliance with the principle of minimising data processing.
Your personal data shall be processed by either electronic, or in any case automated, computerised and telematic means, or by manual processing with retention logic strictly related to the purposes for which such data was collected and, in any case, in such a way so as to guarantee the security of the same.
Further information on this subject can be requested by sending an e-mail to the following address: privacy@pokehouse.it.
 

8. Your rights

Pursuant to Articles 15 et seq. of the Regulation, you have the right to request Poke, at any time whatsoever, access to your personal data collected, to either rectify, delete or to object to its processing. You have the right to request the restriction of its processing in the cases provided for in Art. 18 of the Regulation, as well as to obtain the data about you stored in a structured, commonly-used and machine-readable format, in the cases provided for in Art. 20 of the Regulation.

Requests should be made in writing and sent to the following e-mail address: privacy@pokehouse.it.

More specifically, your rights consist of:

9. Complaints

In the event you believe that the processing of your personal data has been carried out unlawfully, you can lodge a complaint with one of the supervisory authorities responsible for compliance with the provisions on personal data protection. In Italy, pursuant to Art. 77 of the Regulation, the complaint may be lodged with the Italian Data Protection Authority.
Further information on how to lodge a complaint is available on the Italian Data Protection Authority website at: http://www.garanteprivacy.it.
 

10. Safety measures

Your personal data is processed using specific technical and organisational security measures aimed at preventing unlawful or fraudulent use. In particular, we adopt security measures that guarantee: the pseudonymisation and/or encryption, confidentiality, integrity and availability of your data. In addition, Poke is also committed to regularly test, verify and evaluate the effectiveness of technical and organisational measures in order to ensure continuous improvement in data processing security.
 

11. Privacy policy information updates

This privacy policy has been in force since 2nd July 2020.

Over time, this privacy policy may be modified and integrated, as necessary. We invite you to periodically check its contents: where possible, we shall try to inform you promptly about the changes made and of any consequences thereof.
In any case, an updated version of the privacy policy shall be published on this page, indicating the date of its last revision.

SELECT A COUNTRY

SELECT A COUNTRY

SELECT A COUNTRY